<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
RAND_add() forces a reseed to the DRBGs and uses the passed material
(not as entropy but as additional input).<br>
<br>
EVP_RAND_reseed() is a more direct interface but remember that the
built in DRBGs are free to ignore what the user claims is <i>entropy</i>.
History has shown us time and again that <i>entropy</i> is often
anything but.<br>
<br>
The <b>best</b> way to do this, is to create a provider which acts
as a seed source and to then use this as the parent of the primary
DRBG. See, for example, <font face="monospace">test/testutil/fakerandom.c</font>
for how to do this. The key is to set up the seed source before the
<font face="monospace">RNG</font> subsystem is first used.<br>
<br>
If you simply want to replace the built-in DRBGs with a real random
source, create a provider and set the appropriate environment/config
variables.<br>
<br>
<br>
Pauli<br>
<br>
<br>
<div class="moz-cite-prefix">On 24/3/21 4:14 pm, Bala Duvvuri via
openssl-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1644797849.3514421.1616566460759@mail.yahoo.com">
<pre class="moz-quote-pre" wrap="">Hi All,
In OpenSSL 1.1.1 version, we were using RAND_DRBG for random number generation.
Using "RAND_DRBG_set_callbacks", we were able to call into our custom API for entropy and nonce generation.
How can this be achieved with EVP_RAND implementation i.e. does it allow entropy to be provided?
Thanks
Bala
</pre>
</blockquote>
<br>
</body>
</html>