Kory,
The situation is more complicated but your solution below is the one I'd
have suggested.
SP800-90B says bad things about /dev/random, but this is modified by IG
7.14, which indicates that it is okay to use /dev/random. Then IG 7.19 says
that it isn't. The current FIPS 140-2 validation is
Adding that should be enough to force only FIPS validated algorithms to be
used.
Just doing that isn't enough; there is more you are going to need to
do. E.g., you will need to load the FIPS and base providers either via
config or explicitly.
It's possible to set the default properties via
I have an OpenSSL app which performs ECDH-KAS using openssl-1.0.1g +
openssl-fips-2.0.5. It needs to be FIPS compatible. The app was written using
the low level ECDH functions similar to what is documented here: