Openssl FIPS uses /dev/urandom by default?

xxiao,

Are you sure you can't modify that? My understanding of FIPS mode is that
you cannot modify the FIPS code canister, which entropy sources are not a
part of.

Cheers,

Ethan

On Thu, Nov 12, 2015 at 8:08 AM, xxiao8 <xxiao8 at fosiao.com> wrote:

> in e_os.h I saw
> ======
> #ifndef DEVRANDOM
> /* set this to a comma-separated list of 'random' device files to try out.
>  * My default, we will try to read at least one of these files */
> #define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
> # endif
> ======
> This basically sets /dev/urandom as the default, which really is not
> FIPS-friendly. Is there a way to override this during compilation to set
> the default to /dev/random instead? I'm not supposed to modify the source
> code, as it will invalidate the openssl-FIPS certificate.
>
> Thanks,
> xxiao
>
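The `#ifndef DEVRANDOM` guard in the quoted e_os.h excerpt means a definition supplied on the compiler command line replaces the default list without any source edit. The stand-alone C sketch below is an added example, not OpenSSL code and not part of the thread; the function names (`default_device`, `read_first_device`, and so on) are hypothetical, and the nonexistent path used to exercise the failure case is constructed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* Same guard as the e_os.h excerpt: a -DDEVRANDOM=... on the compiler
 * command line takes precedence, so the header itself stays untouched. */
#ifndef DEVRANDOM
# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
#endif

/* The comma-separated macro expands into an array initializer. */
static const char *const default_devices[] = { DEVRANDOM };

size_t default_device_count(void) {
    return sizeof(default_devices) / sizeof(default_devices[0]);
}

const char *default_device(size_t i) {
    return i < default_device_count() ? default_devices[i] : NULL;
}

/* Hypothetical helper: try each device in list order and fill buf with
 * len bytes from the first one that delivers them all.
 * Returns the index of the device used, or -1 if none worked. */
int read_first_device(const char *const *devs, size_t ndevs,
                      unsigned char *buf, size_t len) {
    for (size_t i = 0; i < ndevs; i++) {
        int fd = open(devs[i], O_RDONLY);
        if (fd < 0)
            continue;                  /* missing or unreadable: try next */
        size_t got = 0;
        while (got < len) {
            ssize_t r = read(fd, buf + got, len - got);
            if (r > 0) got += (size_t)r;
            else if (r < 0 && errno == EINTR) continue;
            else break;                /* EOF or hard error: give up on it */
        }
        close(fd);
        if (got == len)
            return (int)i;
    }
    return -1;
}

int main(void) {
    unsigned char seed[32];
    int used = read_first_device(default_devices, default_device_count(),
                                 seed, sizeof seed);
    printf("seeded from: %s\n", used < 0 ? "(none)" : default_devices[used]);
    return used < 0;
}
```

Compiling this file with `cc -DDEVRANDOM='"/dev/random"'` reduces the list to that single entry; built without the flag, the first entry that can be opened and read wins, which is `/dev/urandom` where it exists.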