I'm having trouble getting RAND_status() to return 1 when my openssl.cnf has both the default provider and the fips provider configured at the same time:
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
fips = fips_sect
[default_sect]
activate = 1
.include /conf/openssl/fips.cnf
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
fips = fips_sect
[default_sect]
activate = 1
.include /conf/openssl/fips.cnf
If I remove either default or fips from [provider_sect] then RAND_status() returns 1. If I leave them both specified there, RAND_status() always returns 0. Is this the expected behavior or am I doing something wrong? I understand that I must specify properties when fetching algorithms in order to get deterministic behavior with multiple providers loaded. Is there an analogous API for the PRNG that I'm overlooking?
Interestingly, setting activate=0 for either provider is not sufficient to work around this issue.
Thanks,
Tom.III
