I'm having trouble getting RAND_status() to return 1 when my openssl.cnf
has both the default provider and the fips provider configured at the same
time:
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
fips = fips_sect
[default_sect]
activate = 1
.include /conf/openssl/fips.cnf
If I remove either default or fips from [provider_sect] then RAND_status()
returns 1. If I leave them both specified there, RAND_status() always
returns 0. Is this the expected behavior or am I doing something wrong? I
understand that I must specify properties when fetching algorithms in order
to get deterministic behavior with multiple providers loaded. Is there an
analogous API for the PRNG that I'm overlooking?
Interestingly, setting activate=0 for either provider is not sufficient to
work around this issue.
Thanks,
Tom.III
