You've got:
- Multiple "Random quality levels", defined as "weak random", "strong random", and "very strong random". How does any CSPRNG sensibly differentiate?
- "Weak random" is described as for use in "all functions", with a specific list of exceptions. In other words, it's the default.
- A random function that doesn't "drain the precious entropy pool", which is described as producing "unpredictable bytes"
- A "secure" variant of the gcry_random_bytes function, which still takes a "level" as an input, including "weak"

If I picture myself as a developer using this, there's a horrible amount of options, and a feeling that every recommended option is a place I'm likely to make a fatal error.

[1] https://www.gnupg.org/documentation/manuals/gcrypt/Retrievin...