New function to return security strength of PRNG.
This commit is contained in:
Dr. Stephen Henson
parent
31360957fb
commit
68ea88b8d1
2 changed files with 24 additions and 0 deletions
|
|
@ -114,6 +114,8 @@ const RAND_METHOD *FIPS_drbg_method(void);
|
|||
|
||||
int FIPS_rand_set_method(const RAND_METHOD *meth);
|
||||
|
||||
int FIPS_rand_strength(void);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -138,3 +138,25 @@ int FIPS_rand_status(void)
|
|||
return fips_rand_meth->status();
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Return instantiated strength of PRNG. For DRBG this is an internal
|
||||
* parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other
|
||||
* type of PRNG is not approved and returns 0 in FIPS mode and maximum
|
||||
* 256 outside FIPS mode.
|
||||
*/
|
||||
|
||||
int FIPS_rand_strength(void)
|
||||
{
|
||||
if (fips_approved_rand_meth == 1)
|
||||
return FIPS_drbg_get_strength(FIPS_get_default_drbg());
|
||||
else if (fips_approved_rand_meth == 2)
|
||||
return 80;
|
||||
else if (fips_approved_rand_meth == 0)
|
||||
{
|
||||
if (FIPS_mode())
|
||||
return 0;
|
||||
else
|
||||
return 256;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue