From 68ea88b8d19fa3b713d0d2b40a51cf63ede028da Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sat, 9 Apr 2011 16:49:59 +0000
Subject: [PATCH] New function to return security strength of PRNG.
---
 fips/rand/fips_rand.h | 2 ++
 fips/rand/fips_rand_lib.c | 22 ++++++++++++++++++++++
 2 files changed, 24 insertions(+)
diff --git a/fips/rand/fips_rand.h b/fips/rand/fips_rand.h
index 1a57edd06e..6186c00388 100644
--- a/fips/rand/fips_rand.h
+++ b/fips/rand/fips_rand.h
@@ -114,6 +114,8 @@ const RAND_METHOD *FIPS_drbg_method(void);
 int FIPS_rand_set_method(const RAND_METHOD *meth);
+int FIPS_rand_strength(void);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/fips/rand/fips_rand_lib.c b/fips/rand/fips_rand_lib.c
index 2d198f9cd8..9ea6655edf 100644
--- a/fips/rand/fips_rand_lib.c
+++ b/fips/rand/fips_rand_lib.c
@@ -138,3 +138,25 @@ int FIPS_rand_status(void)
 return fips_rand_meth->status();
 return 0;
 }
+
+/* Return instantiated strength of PRNG. For DRBG this is an internal
+ * parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other
+ * type of PRNG is not approved and returns 0 in FIPS mode and maximum
+ * 256 outside FIPS mode.
+ */
+
+int FIPS_rand_strength(void)
+ {
+ if (fips_approved_rand_meth == 1)
+ return FIPS_drbg_get_strength(FIPS_get_default_drbg());
+ else if (fips_approved_rand_meth == 2)
+ return 80;
+ else if (fips_approved_rand_meth == 0)
+ {
+ if (FIPS_mode())
+ return 0;
+ else
+ return 256;
+ }
+ return 0;
+ }
-- 
2.40.0
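Review bot: In the `fips_approved_rand_meth == 0` branch of FIPS_rand_strength, the non-FIPS path returns 256 for a RAND_METHOD whose strength is never inspected, so a caller that compares this value against the strength a key requires will accept any application-supplied generator. The block comment presents this as a deliberate default, but it should be marked as an assumption at the return itself, e.g. `return 256; /* assumed, not measured: unapproved method is not inspected */`, and repeated beside the new prototype in fips_rand.h, which is added without any comment. It may also be worth failing closed when no method is installed, `if (!fips_rand_meth) return 0;`, if fips_rand_meth can be NULL at this point; the tail of FIPS_rand_status in the context lines suggests a guard of that kind, but that function starts outside the hunk. The bare 0/1/2 values of fips_approved_rand_meth are defined outside the visible lines, and named constants would let a reader check the mapping to unapproved, DRBG and X9.31 here.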