why does RAND_add() take "randomness" as a "double"?
jb-openssl at wisemo.com
Wed May 22 15:03:14 UTC 2019
On 21/05/2019 16:44, Salz, Rich via openssl-users wrote:
> When I overhauled the RAND mechanism, I tried to deprecate this use of floating point, in favor of just a number from 0 to 100 but was voted down.
> It *is* stupid. Luckily, on a modern system with system-provided randomness to seed the RNG, you never need this call.
Perhaps it would have been more acceptable to use a binary base,
instead of a decimal percentage, as there is nothing inherently
decimal about this value.
Good options inspired by other cryptographic libraries include:
- Number of bits of entropy passed in call (For example, a
perfectly balanced coin flipper could provide the 4 byte
values "head" or "tail" with an entropy of 1 bit).
- 256th of bits ditto (for example a coin flipper with a known
slight imbalance could report 252/256th of a bit for each flip
included in the buffer).
- 32th of bits ditto (makes the "100%" case equal to
(bytecount << 8)).
In each of those 3 cases, the internal measure of "entropy
left" would be in that same unit, and a compatibility mapping
for the old API would do the conversion of the double as a
pure inline macro that doesn't trigger "float used" compiler
magics in programs that don't use it.
- The current limit of considering only 32 bytes of entropy
is an artifact of the current set of RNG algorithms, and
should not be exposed in the API design. For example
future addition of post-quantum algorithms may necessitate
having an RNG with an internal state entropy larger than
- Future RNG implementations may include logic to safely
accumulate obtained entropy into "batches" before updating
the RNG state, as this may have cryptographic benefits.
- The use of a dummy double to force the alignment of
structures and unions to the "highest known" value can
be trivially replaced by another type where it is not
already treated as "not actually floating point
operations" by the compiler. For example by passing
"-Ddouble=long long" as a compiler option.
- The use of floating point registers in CPU-specific
vector unit optimizations can be readily avoided by
a no-asm compile.
- Floating point calculations in test programs such as
"openssl speed" is not relevant to actual library use.
- On Linux x86, test programs that avoid all floating
point can be checked via the PF_USED_MATH flag or its
upcoming Linux 5.x replacement. This may be useful
in the test suite.
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users