New function to return security strength of PRNG.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 9 Apr 2011 16:49:59 +0000 (16:49 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 9 Apr 2011 16:49:59 +0000 (16:49 +0000)
fips/rand/fips_rand.h
fips/rand/fips_rand_lib.c

index 1a57edd06e39d3d278374c981263c1b0eb398184..6186c003884455222bc42abb1eccc1e368e34f42 100644 (file)
@@ -114,6 +114,8 @@ const RAND_METHOD *FIPS_drbg_method(void);
 
 int FIPS_rand_set_method(const RAND_METHOD *meth);
 
+int FIPS_rand_strength(void);
+
 #ifdef  __cplusplus
 }
 #endif
index 2d198f9cd818a1dc19062b2a310eed56d0bb0028..9ea6655edf3e6f3fc87e4de9ce435a2288b64e15 100644 (file)
@@ -138,3 +138,25 @@ int FIPS_rand_status(void)
                return fips_rand_meth->status();
        return 0;
        }
+
+/* Return instantiated strength of PRNG. For DRBG this is an internal
+ * parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other
+ * type of PRNG is not approved and returns 0 in FIPS mode and maximum
+ * 256 outside FIPS mode.
+ */
+
+int FIPS_rand_strength(void)
+       {
+       if (fips_approved_rand_meth == 1)
+               return FIPS_drbg_get_strength(FIPS_get_default_drbg());
+       else if (fips_approved_rand_meth == 2)
+               return 80;
+       else if (fips_approved_rand_meth == 0)
+               {
+               if (FIPS_mode())
+                       return 0;
+               else
+                       return 256;
+               }
+       return 0;
+       }
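Review bot: In FIPS_rand_strength(), the `fips_approved_rand_meth == 0` branch returns 256 outside FIPS mode for any application-supplied RAND_METHOD, so a caller that gates key generation on this value will treat an unvetted generator as maximum strength. If that is intended, say so where callers will see it, for example next to the new prototype in fips_rand.h: `/* Non-approved methods report 256 outside FIPS mode; this is assumed, not verified. */`. The bare values 1 and 2 compared against fips_approved_rand_meth would also read better as named constants defined beside that variable, which is outside this hunk. Whether FIPS_drbg_get_strength() returns a meaningful value before the default DRBG is instantiated cannot be seen here and is worth checking, because 0 is also the "not approved" return.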