git.ipfire.org Git - thirdparty/openssl.git/commit

author	Richard Levitte <levitte@openssl.org>
	Wed, 2 May 2018 04:24:20 +0000 (06:24 +0200)
committer	Richard Levitte <levitte@openssl.org>
	Wed, 2 May 2018 08:18:29 +0000 (10:18 +0200)
commit	6ebb49f3f9c9333611192561979bb799fa1eb76d
tree	d178ba8101e0038d186095959c15149b9b6da977	tree \| snapshot
parent	6299c7a4020294582d9424cb8aaf439d2ff0da94	commit \| diff

Change rand_pool_bytes_needed to handle less entropy than 1 per 8 bits

rand_pool_bytes_needed() was constructed in such a way that the
smallest acceptable entropy factor was 1 entropy bits per 8 bits of
data.  At the same time, we have a DRBG_MINMAX_FACTOR that allows
weaker source, as small as 1 bit of entropy per 128 bits of data.
The conclusion is that rand_pool_bytes_needed() needs to change to
support weaker entropy sources.  We therefore change the input of
entropy per byte to be an entropy factor instead.  This entropy factor
expresses how many bits of data it takes (on average) to get 1 bit of
entropy.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6150)

crypto/include/internal/rand_int.h		diff \| blob \| blame \| history
crypto/rand/rand_lib.c		diff \| blob \| blame \| history
crypto/rand/rand_unix.c		diff \| blob \| blame \| history
crypto/rand/rand_vms.c		diff \| blob \| blame \| history
crypto/rand/rand_win.c		diff \| blob \| blame \| history