why does RAND_add() take "randomness" as a "double"?
lersek at redhat.com
Tue May 21 14:15:20 UTC 2019
(resending, with my subscription to <openssl-users at openssl.org> completed)
Hi OpenSSL Developers,
(cross-posting <openssl-users at openssl.org> and <devel at edk2.groups.io>,)
OpenSSL commit  changed the representation of the "entropy amount" --
later renamed to "randomess" in  -- from "int" to "double". I've read
the commit message:
Author: Bodo Möller <bodo at openssl.org>
Date: Sat Feb 19 15:22:53 2000 +0000
Allow for higher granularity of entropy estimates by using 'double'
instead of 'unsigned' counters.
Seed PRNG in MacOS/GetHTTPS.src/GetHTTPS.cpp.
Partially submitted by Yoram Meroz <yoram at mail.idrive.com>.
and also checked "MacOS/GetHTTPS.src/GetHTTPS.cpp" at the same commit.
But, I'm none the wiser.
Can someone please explain what is gained by using a floating point type
Is it really a relevant use case that entropy is fed from an external
source to OpenSSL such that truncating the amount to a whole number of
bits would cause significant lossage? (Admittedly, it could be relevant
if the individual randomness bit counts were in the (0, 1) interval,
both boundaries exclusive.)
Using floating point for randomness representation is a problem for
environments that prefer to avoid floating point altogether, such as
edk2 ("UEFI") firmware
More information about the openssl-users