xxiao, have you changed the code to also increase the timeout and not try to use other devices to get entropy? If /dev/random is blocking at the time, it may run into issues trying to look for other sources of entropy rather than giving up.

On Tue, Dec 8, 2015 at 8:25 PM, xxiao8 <xxiao8 at fosiao.com> wrote:

> I don't know how critical the DEVRANDOM is for openssl-fips, in e_os.h I
> saw this:
> ----
> #define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
> ----
> we have a hardware RNG that is feeding /dev/random via:
> ----
> /sbin/rngd -r /dev/hwrng -W 4000
> ----
> so the /dev/random will never block, I thus change e_os.h to force usage
> of /dev/random (per our fips code reviewer's request, who thinks I need
> to change that for fips):
> ----
> #define DEVRANDOM "/dev/random"
> ----
> this looks fine, however I don't know if it's really the right thing to
> do, after this change my system starts to have issues (silent reboot),
> changing this line back everything runs normally.
>
> any help is appreciated.
>
> xxiao
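The timeout and fallback behaviour raised in the reply can be observed with a small probe. This is an added example, not part of the thread and not OpenSSL's code; the function names `read_with_timeout` and `gather` and the 10 ms timeout are assumptions chosen for illustration. It shows that a one-entry device list yields a short read when the device stalls, because there is no second device to fall back to.

```c
/* Added illustration, not OpenSSL source. Names and timeout are assumptions. */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* Read up to `want` bytes; stop once `timeout_ms` passes with no data.
 * Returns bytes actually read (may be < want), or -1 on error. */
long read_with_timeout(int fd, unsigned char *buf, size_t want, int timeout_ms)
{
    size_t got = 0;
    while (got < want) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, timeout_ms);
        if (r < 0 && errno == EINTR) continue;
        if (r < 0) return -1;
        if (r == 0) break;                  /* device would block: give up */
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0 && (errno == EINTR || errno == EAGAIN)) continue;
        if (n < 0) return -1;
        if (n == 0) break;                  /* EOF */
        got += (size_t)n;
    }
    return (long)got;
}

/* Walk a device list in order until `want` bytes are gathered.
 * With a single entry, a stalled device means a short result. */
long gather(const char *const *devs, size_t ndevs, unsigned char *buf,
            size_t want, int timeout_ms)
{
    size_t got = 0;
    for (size_t i = 0; i < ndevs && got < want; i++) {
        int fd = open(devs[i], O_RDONLY | O_NONBLOCK | O_NOCTTY);
        if (fd < 0) continue;               /* missing device: try the next */
        long n = read_with_timeout(fd, buf + got, want - got, timeout_ms);
        close(fd);
        if (n > 0) got += (size_t)n;
    }
    return (long)got;
}

int main(void)
{
    const char *only_random[] = { "/dev/random" };
    unsigned char buf[32];
    long n = gather(only_random, 1, buf, sizeof buf, 10);
    printf("/dev/random only, 10 ms timeout: %ld of %zu bytes\n", n, sizeof buf);
    return n == (long)sizeof buf ? 0 : 1;
}
```

Running it repeatedly on the target while rngd is active shows whether /dev/random ever returns fewer bytes than requested within the timeout.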