xxiao, Are you sure you can't modify that? My understanding of FIPS mode is that you cannot modify the FIPS code canister, which entropy sources are not a part of.
Cheers, Ethan On Thu, Nov 12, 2015 at 8:08 AM, xxiao8 <xxi...@fosiao.com> wrote: > in e_os.h I saw > ====== > #ifndef DEVRANDOM > > /* set this to a comma-separated list of 'random' device files to try out. > > * My default, we will try to read at least one of these files */ > > #define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" > > # endif > ====== > this basically sets /dev/urandom as the default which really is not > FIPS-friendly, is there a way to override this during compilation to set > the default to /dev/random instead? I'm not supposed to modify the source > code as it will invalidate openssl-FIPS certificate. > > Thanks, > xxiao > > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >
_______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users