diff options
| author | Richard Levitte <levitte@openssl.org> | 2018-05-02 06:24:20 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2018-05-02 10:18:29 +0200 |
| commit | 6ebb49f3f9c9333611192561979bb799fa1eb76d (patch) | |
| tree | d178ba8101e0038d186095959c15149b9b6da977 /crypto/rand/rand_win.c | |
| parent | 6299c7a4020294582d9424cb8aaf439d2ff0da94 (diff) | |
Change rand_pool_bytes_needed to handle less entropy than 1 per 8 bits
rand_pool_bytes_needed() was constructed in such a way that the
smallest acceptable entropy factor was 1 entropy bits per 8 bits of
data. At the same time, we have a DRBG_MINMAX_FACTOR that allows
weaker source, as small as 1 bit of entropy per 128 bits of data.
The conclusion is that rand_pool_bytes_needed() needs to change to
support weaker entropy sources. We therefore change the input of
entropy per byte to be an entropy factor instead. This entropy factor
expresses how many bits of data it takes (on average) to get 1 bit of
entropy.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6150)
Diffstat (limited to 'crypto/rand/rand_win.c')
| -rw-r--r-- | crypto/rand/rand_win.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 1d4420418e..f2059eb412 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -62,7 +62,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # endif # ifdef USE_BCRYPTGENRANDOM - bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; @@ -76,7 +76,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) if (entropy_available > 0) return entropy_available; # else - bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; @@ -95,7 +95,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) if (entropy_available > 0) return entropy_available; - bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; |