DRBG: clarify difference between entropy counts and buffer lengths
Unlike the NIST DRBG standard, entropy counts are in bits and buffer lengths are in bytes. This has lead to some confusion and errors in the past, see my comment on PR 3789. To clarify the destinction between entropy counts and buffer lengths, a 'len' suffix has been added to all member names of RAND_DRBG which represent buffer lengths: - {min,max}_{entropy,adin,nonce,pers} + {min,max}_{entropy,adin,nonce,pers}len This change makes naming also more consistent, as can be seen in the diffs, for example: - else if (adinlen > drbg->max_adin) { + else if (adinlen > drbg->max_adinlen) { Also replaced all 'ent's by 'entropy's, following a suggestion of Paul Dale. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4266)
parent
b2db9c18
Please register or sign in to comment