New function to return security strength of PRNG.

68ea88b8 · Dr. Stephen Henson · 31360957 · 68ea88b8 · 68ea88b8
隐藏空白更改
内联并排

Showing with 24 addition and 0 deletion

fips/rand/fips_rand.h fips/rand/fips_rand.h +2 -0

fips/rand/fips_rand_lib.c fips/rand/fips_rand_lib.c +22 -0

未找到文件。
--- a/fips/rand/fips_rand.h
+++ b/fips/rand/fips_rand.h
@@ -114,6 +114,8 @@ const RAND_METHOD *FIPS_drbg_method(void);

 int FIPS_rand_set_method(const RAND_METHOD *meth);

+int FIPS_rand_strength(void);
+
 #ifdef  __cplusplus
 }
 #endif

--- a/fips/rand/fips_rand_lib.c
+++ b/fips/rand/fips_rand_lib.c
@@ -138,3 +138,25 @@ int FIPS_rand_status(void)
 		return fips_rand_meth->status();
 	return 0;
 	}
+
+/* Return instantiated strength of PRNG. For DRBG this is an internal
+ * parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other
+ * type of PRNG is not approved and returns 0 in FIPS mode and maximum
+ * 256 outside FIPS mode.
+ */
+
+int FIPS_rand_strength(void)
+	{
+	if (fips_approved_rand_meth == 1)
+		return FIPS_drbg_get_strength(FIPS_get_default_drbg());
+	else if (fips_approved_rand_meth == 2)
+		return 80;
+	else if (fips_approved_rand_meth == 0)
+		{
+		if (FIPS_mode())
+			return 0;
+		else
+			return 256;
+		}
+	return 0;
+	}