I'm having trouble getting RAND_status() to return 1 when my openssl.cnf has both the default provider and the fips provider configured at the same time:
openssl_conf = openssl_init [openssl_init] providers = provider_sect [provider_sect] default = default_sect fips = fips_sect [default_sect] activate = 1 .include /conf/openssl/fips.cnf If I remove either default or fips from [provider_sect] then RAND_status() returns 1. If I leave them both specified there, RAND_status() always returns 0. Is this the expected behavior or am I doing something wrong? I understand that I must specify properties when fetching algorithms in order to get deterministic behavior with multiple providers loaded. Is there an analogous API for the PRNG that I'm overlooking? Interestingly, setting activate=0 for either provider is not sufficient to work around this issue. Thanks, Tom.III