RAND_BUF_SIZE
n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE;
unsigned char buf[RAND_BUF_SIZE];
ret = fwrite(buf, 1, RAND_BUF_SIZE, out);
OPENSSL_cleanse(buf, RAND_BUF_SIZE);
#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH)