Both RAND_set_rand_method and RAND_set_rand_engine exist in 3.0.8. They
are deprecated but I doubt they'll be removed for a long time -- per our
policies, they won't be before OpenSSL 4.0 is released.
If you really want to avoid these two, you will have to write a provider
that implements access to the entropy source. You can then use this
provider instead of OpenSSL's default sources. I suggest looking at the
"test" and "seed" randoms.
For FIPS usage, it would be easiest to replace the "seed" source and
this is outside the FIPS boundary. If you RNG is FIPS validated, it
should be possible to use it directly, although the path is more complex.
Pauli
On 25/6/23 07:34, Manish Patidar wrote:
Hi
I am using Openssl 3.8 on rtos, we have harware random entropy source
for RNG. In our env, Openssl used entropy source is not available.
Look like entropy callback which used to available in earlier
versions, is no more supported. I am wondering how to plungin
hardware entropy to Openssl.
We are going to use h/w entropy in fips mode also, so we need solution
which works for both mode.
It will be really helpful if someone guide how to use h/w entropy
source in openssl 3.8
Regards
Manish
