OpenSSL random - using ENGINE API to set random, what is the right way to do it?

Question

In OpenSSL, using an engine taking use of hardware, I'm trying to make sure the RAND_bytes will use the engine and hardware. I came across two functions:

ENGINE_set_default_RAND(ENGINE*)
RAND_set_rand_engine(ENGINE*)

Seemingly - they do the same. Why are there two of them? Which one is the right way to go?

I've further tested if set functions work by disconnecting the hardware and performing init, then RAND_bytes. Using the first function only (ENGINE_set_default_RAND) everything suceeded - obviously the software implementation was used (why?). When changed to the second it failed on the set RAND_set_rand_engine function call (which is great).

Answer 1

According to: https://www.openssl.org/docs/crypto/engine.html#Application_requirements ENGINE_set_default_(ENGINE)* is the way to go, e.g.:

ENGINE_set_default_RAND(myPtrEngine);

which worked, effectively causing the engine implementation to be used. I've tested it by modifying the custom engine code, injecting it with some simple printfs(...) to indicate the flow (had some problems with debugging).

The other call:

RAND_set_rand_engine(myPtrEngine);

resulted in essentially the same (I do not know the internal differences).

The problem that caused me to ask, was the possibility of a fallback-to-software mechanism. With the hardware disconnected and the engine using it set, the random functions seemingly worked. I therefore did not know whether the ENGINE_set_default_RAND worked. After examining the engine's code, however, it turned out it itself had a fallback mechanism. That's why it always worked.