Always return multiple of block length bytes from default DRBG seed

callback. Handle case where no multiple of the block size is in the interval [min_len, max_len].
author: steve <steve> 2011-04-23 20:05:17 +0000
committer: steve <steve> 2011-04-23 20:05:17 +0000
commit: 3fad487c9c289bdcdd30bf3338545ce8d20c7878 (patch)
tree: df5a61dd1785c18639ed1cbe2a739f03c984ed06 /CHANGES
parent: 0a5ea60bf7b25ae30a980670a6284bcd02e00f23 (diff)
download: openssl-3fad487c9c289bdcdd30bf3338545ce8d20c7878.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 6e54214b4..aa0fe51e1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Minor change to DRBG entropy callback semantics. In some cases
+     there is no mutiple of the block length between min_len and
+     max_len. Allow the callback to return more than max_len bytes
+     of entropy but discard any extra: it is the callback's responsibility
+     to ensure that the extra data discarded does not impact the
+     requested amount of entropy.
+     [Steve Henson]
+
   *) Add PRNG security strength checks to RSA, DSA and ECDSA using 
      information in FIPS186-3, SP800-57 and SP800-131A.
      [Steve Henson]
author	steve <steve>	2011-04-23 20:05:17 +0000
committer	steve <steve>	2011-04-23 20:05:17 +0000
commit	3fad487c9c289bdcdd30bf3338545ce8d20c7878 (patch)
tree	df5a61dd1785c18639ed1cbe2a739f03c984ed06 /CHANGES
parent	0a5ea60bf7b25ae30a980670a6284bcd02e00f23 (diff)
download	openssl-3fad487c9c289bdcdd30bf3338545ce8d20c7878.tar.gz