RAND_add() forces a reseed to the DRBGs and uses the passed material
(not as entropy but as additional input).
EVP_RAND_reseed() is a more direct interface but remember that the built
in DRBGs are free to ignore what the user claims is /entropy/. History
has shown us time and again that /entropy/ is often anything but.
The *best* way to do this, is to create a provider which acts as a seed
source and to then use this as the parent of the primary DRBG. See, for
example, test/testutil/fakerandom.c for how to do this. The key is to
set up the seed source before the RNG subsystem is first used.
If you simply want to replace the built-in DRBGs with a real random
source, create a provider and set the appropriate environment/config
variables.
Pauli
On 24/3/21 4:14 pm, Bala Duvvuri via openssl-users wrote:
Hi All,
In OpenSSL 1.1.1 version, we were using RAND_DRBG for random number generation.
Using "RAND_DRBG_set_callbacks", we were able to call into our custom API for
entropy and nonce generation.
How can this be achieved with EVP_RAND implementation i.e. does it allow
entropy to be provided?
Thanks
Bala