How to change entropy source?

[sardinhada]

Hello , i need to be able to source entropy from somewhere else. This is a hardware module and is located in /dev/ just like /dev/urandom.
After skimming through code and documentation, I realized that the only way to switch this behavior on is by configuring OQS_EMBEDDED_BUILD=ON at build time, which will signal the build process to ditch the getrandom() calls or /dev/urandom accesses, as per limitations of zephyr (i gathered this notion from CONFIGURE.md)
The following screenshot is from rand.c and it enforces this concept

So my question is, where and when do i call OQS_randombytes_custom_algorithm to define another function, defined elsewhere, to provide entropy that is sourced from my /dev/something ? I do have a library available which was written specifically for this entropy module, and its headers are located at /usr/include.

I thought about just compiling liboqs but change /dev/urandom to /dev/something in the following code block of rand.c

which would effectively allow me to compile without having to trick the build process into thinking this is meant for an "embedded" system (the target is linux). Is this a good idea? Please, let me know. I'm convinced that it is NOT a good idea, but it might be the shortest path to do what I need to do.

Any help would be very appreciated thank you

[dstebila]

The API in src/common/rand/rand.h lets you switch the RNG to your own custom algorithm:

liboqs/src/common/rand/rand.h

Line 46 in 01de36c

OQS_API void OQS_randombytes_custom_algorithm(void (*algorithm_ptr)(uint8_t *, size_t));

[sardinhada]

Thank you for the quick reply

I understand this does what I want, I'm just not sure where to call it; i forgot to add that I'm actually using the python wrapper (liboqs-python) which, in its correspondent algorithm switch function, asserts that it must be either "system" or "OpenSSL"

I'd just like some tips on how to switch the entropy source and make it available in liboqs-python.
I thought about creating a small C program that calls that function you mentioned , but I'm not sure where or when i'd execute it. Any tips on this ?

[dstebila]

OQS_random_bytes_switch_algorithm switches between one of two named algorithms: "OpenSSL and "system". To provide your own, you have to use OQS_randombytes_custom_algorithm.