New function to return security strength of PRNG.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 9 Apr 2011 16:49:59 +0000 (16:49 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 9 Apr 2011 16:49:59 +0000 (16:49 +0000)
fips/rand/fips_rand.h
fips/rand/fips_rand_lib.c

index 1a57edd..6186c00 100644 (file)
@@ -114,6 +114,8 @@ const RAND_METHOD *FIPS_drbg_method(void);
 
 int FIPS_rand_set_method(const RAND_METHOD *meth);
 
+int FIPS_rand_strength(void);
+
 #ifdef  __cplusplus
 }
 #endif
index 2d198f9..9ea6655 100644 (file)
@@ -138,3 +138,25 @@ int FIPS_rand_status(void)
                return fips_rand_meth->status();
        return 0;
        }
+
+/* Return instantiated strength of PRNG. For DRBG this is an internal
+ * parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other
+ * type of PRNG is not approved and returns 0 in FIPS mode and maximum
+ * 256 outside FIPS mode.
+ */
+
+int FIPS_rand_strength(void)
+       {
+       if (fips_approved_rand_meth == 1)
+               return FIPS_drbg_get_strength(FIPS_get_default_drbg());
+       else if (fips_approved_rand_meth == 2)
+               return 80;
+       else if (fips_approved_rand_meth == 0)
+               {
+               if (FIPS_mode())
+                       return 0;
+               else
+                       return 256;
+               }
+       return 0;
+       }