mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-11-20 01:02:18 +03:00
85485c7338
mbedtls_entropy_func returns up to MBEDTLS_ENTROPY_BLOCK_SIZE bytes. This is the output of a hash function and does not indicate how many bytes of entropy went into the hash computation. Enforce that mbedtls_entropy_func gathers a total of MBEDTLS_ENTROPY_BLOCK_SIZE bytes or more from strong sources. Weak sources don't count for this calculation. This is complementary to the per-source threshold mechanism. In particular, we define system sources with a threshold of 32. But when using SHA-512 for the entropy accumulator, MBEDTLS_ENTROPY_BLOCK_SIZE = 64, so users can expect 64 bytes' worth of entropy. Before, you only got 64 bytes of entropy if there were two sources. Now you get 64 bytes of entropy even with a single source with a threshold of 32.
20 KiB
20 KiB