From: Dr. Stephen Henson Date: Sat, 9 Apr 2011 16:49:59 +0000 (+0000) Subject: New function to return security strength of PRNG. X-Git-Tag: OpenSSL-fips-2_0-rc1~583 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=68ea88b8d19fa3b713d0d2b40a51cf63ede028da;p=oweals%2Fopenssl.git New function to return security strength of PRNG. --- diff --git a/fips/rand/fips_rand.h b/fips/rand/fips_rand.h index 1a57edd06e..6186c00388 100644 --- a/fips/rand/fips_rand.h +++ b/fips/rand/fips_rand.h @@ -114,6 +114,8 @@ const RAND_METHOD *FIPS_drbg_method(void); int FIPS_rand_set_method(const RAND_METHOD *meth); +int FIPS_rand_strength(void); + #ifdef __cplusplus } #endif diff --git a/fips/rand/fips_rand_lib.c b/fips/rand/fips_rand_lib.c index 2d198f9cd8..9ea6655edf 100644 --- a/fips/rand/fips_rand_lib.c +++ b/fips/rand/fips_rand_lib.c @@ -138,3 +138,25 @@ int FIPS_rand_status(void) return fips_rand_meth->status(); return 0; } + +/* Return instantiated strength of PRNG. For DRBG this is an internal + * parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other + * type of PRNG is not approved and returns 0 in FIPS mode and maximum + * 256 outside FIPS mode. + */ + +int FIPS_rand_strength(void) + { + if (fips_approved_rand_meth == 1) + return FIPS_drbg_get_strength(FIPS_get_default_drbg()); + else if (fips_approved_rand_meth == 2) + return 80; + else if (fips_approved_rand_meth == 0) + { + if (FIPS_mode()) + return 0; + else + return 256; + } + return 0; + }
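Review bot: The `fips_approved_rand_meth == 0` branch of FIPS_rand_strength() reports 256 bits outside FIPS mode for any RAND_METHOD the module does not recognise, so the figure is an assumption about the application's generator, not something checked. A caller that compares this result with the strength a key size requires will always pass for a custom method, however weak it is. The block comment in fips_rand_lib.c says so, but the prototype added to fips_rand.h in the first hunk has no documentation, and the header is where a caller will look; I would add there `/* Strength in bits; 0 = no approved PRNG in FIPS mode; 256 outside FIPS mode is assumed, not verified */`. The DRBG branch returns whatever FIPS_drbg_get_strength() gives for the default DRBG, and its value before instantiation is not visible in this hunk, so it is worth confirming that it is 0 and not a stale or default strength.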