On Tue, Nov 16, 2021 at 4:01 PM [off-list ref] wrote:

We do link with libcurl and use OpenSSL as a DLL to handle TLS. The underlying random source for the nonstop-* configurations as of OpenSSL 3.0 are PNRG supplied by the vendor (HPE) on ia64 and the hardware rdrand* instructions on x86. I know that part of the OpenSSL code rather intimately.

Older versions of OpenSSL exported (AFAIK) a usable version of
arc4random_buf() that could have helped here; it seems to still be
there in libressl[1] which is mostly API compatible and might be worth
looking into IMHO even if as you pointed out will need an
implementation similar to what OpenSSL does internally.

[1] https://cvsweb.openbsd.org/src/lib/libcrypto/arc4random/