From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by groups.io with SMTP; Tue, 21 May 2019 07:15:24 -0700
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id A20F03001835;
	Tue, 21 May 2019 14:15:23 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-194.rdu2.redhat.com [10.10.120.194])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 489B160F8D;
	Tue, 21 May 2019 14:15:21 +0000 (UTC)
From: "Laszlo Ersek" <lersek@redhat.com>
Subject: why does RAND_add() take "randomness" as a "double"?
To: openssl-users@openssl.org
Cc: edk2-devel-groups-io <devel@edk2.groups.io>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Jian J Wang <jian.j.wang@intel.com>, "Lu, XiaoyuX" <xiaoyux.lu@intel.com>
Message-ID: <6c4a456a-3198-bfa2-6d89-433e4d3f3fd5@redhat.com>
Date: Tue, 21 May 2019 16:15:20 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Tue, 21 May 2019 14:15:23 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

(resending, with my subscription to <openssl-users@openssl.org> completed=
)

Hi OpenSSL Developers,

(cross-posting <openssl-users@openssl.org> and <devel@edk2.groups.io>,)

OpenSSL commit [1] changed the representation of the "entropy amount" --
later renamed to "randomess" in [2] -- from "int" to "double". I've read
the commit message:

commit 853f757ecea74a271a7c5cdee3f3b5fe0d3ae863
Author: Bodo M=C3=B6ller <bodo@openssl.org>
Date:   Sat Feb 19 15:22:53 2000 +0000

    Allow for higher granularity of entropy estimates by using 'double'
    instead of 'unsigned' counters.
    Seed PRNG in MacOS/GetHTTPS.src/GetHTTPS.cpp.

    Partially submitted by Yoram Meroz <yoram@mail.idrive.com>.

and also checked "MacOS/GetHTTPS.src/GetHTTPS.cpp" at the same commit.
But, I'm none the wiser.

Can someone please explain what is gained by using a floating point type
here?

Is it really a relevant use case that entropy is fed from an external
source to OpenSSL such that truncating the amount to a whole number of
bits would cause significant lossage? (Admittedly, it could be relevant
if the individual randomness bit counts were in the (0, 1) interval,
both boundaries exclusive.)

Using floating point for randomness representation is a problem for
environments that prefer to avoid floating point altogether, such as
edk2 ("UEFI") firmware

Thanks,
Laszlo

[1] https://github.com/openssl/openssl/commit/853f757ecea7
[2] https://github.com/openssl/openssl/commit/f367ac2b2664