[openssl-users] force to use /dev/random for openssl fips module

xxiao8 xxiao8 at fosiao.com
Wed Dec 9 04:25:42 UTC 2015

I don't know how critical DEVRANDOM is for openssl-fips; in e_os.h I
saw this:
#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
We have a hardware RNG that is feeding /dev/random via:
/sbin/rngd -r /dev/hwrng -W 4000
so /dev/random will never block. I thus changed e_os.h to force usage
of /dev/random (per our fips code reviewer's request, who thinks I need
to change that for fips):
#define DEVRANDOM "/dev/random"
This looks fine; however, I don't know if it's really the right thing to
do. After this change my system starts to have issues (silent reboot);
after changing this line back, everything runs normally.

Any help is appreciated.
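
A diagnostic for the situation described in the post, added here as an example (it is not OpenSSL code and not from the poster): it walks a DEVRANDOM-style device list in order with a per-read timeout, so you can see whether /dev/random alone delivers seed bytes promptly when no fallback device is listed. The helper name gather_entropy, the 32-byte request and the timeout values are assumptions chosen for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>
/* Hypothetical helper (not OpenSSL code): try each device in order, waiting at
 * most timeout_ms per poll for it to become readable. Returns bytes gathered
 * and stores the index of the device that supplied them (-1 if none did). */
static size_t gather_entropy(const char *const *devs, size_t ndevs, unsigned char *buf,
                             size_t want, int timeout_ms, int *used)
{
    *used = -1;
    for (size_t i = 0; i < ndevs; i++) {
        int fd = open(devs[i], O_RDONLY | O_NONBLOCK | O_NOCTTY);
        if (fd < 0)
            continue;                      /* missing or unreadable device */
        size_t got = 0;
        while (got < want) {
            struct pollfd p = { .fd = fd, .events = POLLIN };
            int r = poll(&p, 1, timeout_ms);
            if (r < 0 && errno == EINTR)
                continue;                  /* interrupted, poll again */
            if (r <= 0)
                break;                     /* timeout: device is not delivering */
            ssize_t n = read(fd, buf + got, want - got);
            if (n < 0 && errno == EINTR)
                continue;
            if (n <= 0)
                break;                     /* EOF or error: give up on this device */
            got += (size_t)n;
        }
        close(fd);
        if (got == want) {                 /* full request satisfied by devs[i] */
            *used = (int)i;
            return got;
        }
    }
    return 0;                              /* no listed device could deliver */
}

int main(void)
{
    const char *const devs[] = { "/dev/random" };  /* single-device list as in the post */
    unsigned char buf[32];
    int used;
    size_t n = gather_entropy(devs, 1, buf, sizeof buf, 1000, &used);
    printf("got %zu bytes from %s\n", n, used < 0 ? "(none)" : devs[used]);
    return n == sizeof buf ? 0 : 1;
}
```

Running it with rngd stopped and then started shows whether the hardware RNG is actually keeping /dev/random readable; exit status 1 means the single listed device could not supply the request within the timeout.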


