[thirdparty/openssl.git] / crypto / rand / drbg_lib.c

/*
 * Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include "rand_lcl.h"

/*
 * Support framework for NIST SP 800-90A DRBG, AES-CTR mode.
 */

/*
 * Get entropy from the existing callback.  This is mainly used for KATs.
 */
static size_t get_entropy(DRBG_CTX *dctx, unsigned char **pout,
                          int entropy, size_t min_len, size_t max_len)
{
    if (dctx->get_entropy != NULL)
        return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
    /* TODO: Get from parent if it exists. */
    return 0;
}

/*
 * Cleanup entropy.
 */
static void cleanup_entropy(DRBG_CTX *dctx, unsigned char *out, size_t olen)
{
    if (dctx->cleanup_entropy != NULL)
        dctx->cleanup_entropy(dctx, out, olen);
}

/*
 * The OpenSSL model is to have new and free functions, and that new
 * does all initialization.  That is not the NIST model, which has
 * instantiation and un-instantiate, and re-use within a new/free
 * lifecycle.  (No doubt this comes from the desire to support hardware
 * DRBG, where allocation of resources on something like an HSM is
 * a much bigger deal than just re-setting an allocated resource.)
 *
 * The DRBG_CTX is OpenSSL's opaque pointer to an instance of the
 * DRBG.
 */

/*
 * Set/initialize |dctx| to be of type |nid|, with optional |flags|.
 * Return -2 if the type is not supported, 1 on success and -1 on
 * failure.
 */
int RAND_DRBG_set(DRBG_CTX *dctx, int nid, unsigned int flags)
{
    int ret = 1;

    dctx->status = DRBG_STATUS_UNINITIALISED;
    dctx->flags = flags;
    dctx->nid = nid;

    switch (nid) {
    default:
        RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_UNSUPPORTED_DRBG_TYPE);
        return -2;
    case 0:
        /* Uninitialized; that's okay. */
        return 1;
    case NID_aes_128_ctr:
    case NID_aes_192_ctr:
    case NID_aes_256_ctr:
        ret = ctr_init(dctx);
        break;
    }

    if (ret < 0)
        RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_ERROR_INITIALISING_DRBG);
    return ret;
}

/*
 * Allocate memory and initialize a new DRBG.  The |parent|, if not
 * NULL, will be used to auto-seed this DRBG_CTX as needed.
 */
DRBG_CTX *RAND_DRBG_new(int type, unsigned int flags, DRBG_CTX *parent)
{
    DRBG_CTX *dctx = OPENSSL_zalloc(sizeof(*dctx));

    if (dctx == NULL) {
        RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    dctx->parent = parent;
    if (RAND_DRBG_set(dctx, type, flags) < 0) {
        OPENSSL_free(dctx);
        return NULL;
    }
    return dctx;
}

/*
 * Uninstantiate |dctx| and free all memory.
 */
void RAND_DRBG_free(DRBG_CTX *dctx)
{
    if (dctx == NULL)
        return;

    ctr_uninstantiate(dctx);
    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, dctx, &dctx->ex_data);

    /* Don't free up default DRBG */
    if (dctx == RAND_DRBG_get_default()) {
        memset(dctx, 0, sizeof(DRBG_CTX));
        dctx->nid = 0;
        dctx->status = DRBG_STATUS_UNINITIALISED;
    } else {
        OPENSSL_cleanse(&dctx->ctr, sizeof(dctx->ctr));
        OPENSSL_free(dctx);
    }
}

/*
 * Instantiate |dctx|, after it has been initialized.  Use |pers| and
 * |perslen| as prediction-resistance input.
 */
int RAND_DRBG_instantiate(DRBG_CTX *dctx,
                          const unsigned char *pers, size_t perslen)
{
    size_t entlen = 0, noncelen = 0;
    unsigned char *nonce = NULL, *entropy = NULL;
    int r = 0;

    if (perslen > dctx->max_pers) {
        r = RAND_R_PERSONALISATION_STRING_TOO_LONG;
        goto end;
    }
    if (dctx->status != DRBG_STATUS_UNINITIALISED) {
        r = dctx->status == DRBG_STATUS_ERROR ? RAND_R_IN_ERROR_STATE
                                              : RAND_R_ALREADY_INSTANTIATED;
        goto end;
    }

    dctx->status = DRBG_STATUS_ERROR;
    entlen = get_entropy(dctx, &entropy, dctx->strength,
                         dctx->min_entropy, dctx->max_entropy);
    if (entlen < dctx->min_entropy || entlen > dctx->max_entropy) {
        r = RAND_R_ERROR_RETRIEVING_ENTROPY;
        goto end;
    }

    if (dctx->max_nonce > 0 && dctx->get_nonce != NULL) {
        noncelen = dctx->get_nonce(dctx, &nonce,
                                   dctx->strength / 2,
                                   dctx->min_nonce, dctx->max_nonce);

        if (noncelen < dctx->min_nonce || noncelen > dctx->max_nonce) {
            r = RAND_R_ERROR_RETRIEVING_NONCE;
            goto end;
        }
    }

    if (!ctr_instantiate(dctx, entropy, entlen,
                         nonce, noncelen, pers, perslen)) {
        r = RAND_R_ERROR_INSTANTIATING_DRBG;
        goto end;
    }

    dctx->status = DRBG_STATUS_READY;
    dctx->reseed_counter = 1;

end:
    if (entropy != NULL && dctx->cleanup_entropy != NULL)
        dctx->cleanup_entropy(dctx, entropy, entlen);
    if (nonce != NULL && dctx->cleanup_nonce!= NULL )
        dctx->cleanup_nonce(dctx, nonce, noncelen);
    if (dctx->status == DRBG_STATUS_READY)
        return 1;

    if (r)
        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, r);
    return 0;
}

/*
 * Uninstantiate |dctx|. Must be instantiated before it can be used.
 */
int RAND_DRBG_uninstantiate(DRBG_CTX *dctx)
{
    int ret = ctr_uninstantiate(dctx);

    OPENSSL_cleanse(&dctx->ctr, sizeof(dctx->ctr));
    dctx->status = DRBG_STATUS_UNINITIALISED;
    return ret;
}

/*
 * Mix in the specified data to reseed |dctx|.
 */
int RAND_DRBG_reseed(DRBG_CTX *dctx,
                     const unsigned char *adin, size_t adinlen)
{
    unsigned char *entropy = NULL;
    size_t entlen = 0;
    int r = 0;

    if (dctx->status != DRBG_STATUS_READY
            && dctx->status != DRBG_STATUS_RESEED) {
        if (dctx->status == DRBG_STATUS_ERROR)
            r = RAND_R_IN_ERROR_STATE;
        else if (dctx->status == DRBG_STATUS_UNINITIALISED)
            r = RAND_R_NOT_INSTANTIATED;
        goto end;
    }

    if (adin == NULL)
        adinlen = 0;
    else if (adinlen > dctx->max_adin) {
        r = RAND_R_ADDITIONAL_INPUT_TOO_LONG;
        goto end;
    }

    dctx->status = DRBG_STATUS_ERROR;
    entlen = get_entropy(dctx, &entropy, dctx->strength,
                         dctx->min_entropy, dctx->max_entropy);

    if (entlen < dctx->min_entropy || entlen > dctx->max_entropy) {
        r = RAND_R_ERROR_RETRIEVING_ENTROPY;
        goto end;
    }

    if (!ctr_reseed(dctx, entropy, entlen, adin, adinlen))
        goto end;
    dctx->status = DRBG_STATUS_READY;
    dctx->reseed_counter = 1;

end:
    if (entropy != NULL && dctx->cleanup_entropy != NULL)
        cleanup_entropy(dctx, entropy, entlen);
    if (dctx->status == DRBG_STATUS_READY)
        return 1;
    if (r)
        RANDerr(RAND_F_RAND_DRBG_RESEED, r);

    return 0;
}

/*
 * Generate |outlen| bytes into the buffer at |out|.  Reseed if we need
 * to or if |prediction_resistance| is set.  Additional input can be
 * sent in |adin| and |adinlen|.
 */
int RAND_DRBG_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
                       int prediction_resistance,
                       const unsigned char *adin, size_t adinlen)
{
    int r = 0;

    if (dctx->status != DRBG_STATUS_READY
            && dctx->status != DRBG_STATUS_RESEED) {
        if (dctx->status == DRBG_STATUS_ERROR)
            r = RAND_R_IN_ERROR_STATE;
        else if(dctx->status == DRBG_STATUS_UNINITIALISED)
            r = RAND_R_NOT_INSTANTIATED;
        goto end;
    }

    if (outlen > dctx->max_request) {
        r = RAND_R_REQUEST_TOO_LARGE_FOR_DRBG;
        return 0;
    }
    if (adinlen > dctx->max_adin) {
        r = RAND_R_ADDITIONAL_INPUT_TOO_LONG;
        goto end;
    }

    if (dctx->reseed_counter >= dctx->reseed_interval)
        dctx->status = DRBG_STATUS_RESEED;

    if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance) {
        if (!RAND_DRBG_reseed(dctx, adin, adinlen)) {
            r = RAND_R_RESEED_ERROR;
            goto end;
        }
        adin = NULL;
        adinlen = 0;
    }

    if (!ctr_generate(dctx, out, outlen, adin, adinlen)) {
        r = RAND_R_GENERATE_ERROR;
        dctx->status = DRBG_STATUS_ERROR;
        goto end;
    }
    if (dctx->reseed_counter >= dctx->reseed_interval)
        dctx->status = DRBG_STATUS_RESEED;
    else
        dctx->reseed_counter++;
    return 1;

end:
    RANDerr(RAND_F_RAND_DRBG_GENERATE, r);
    return 0;
}

/*
 * Set the callbacks for entropy and nonce.  Used mainly for the KATs
 */
int RAND_DRBG_set_callbacks(DRBG_CTX *dctx,
    size_t (*cb_get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
                             int entropy, size_t min_len, size_t max_len),
    void (*cb_cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
    size_t (*cb_get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
                           int entropy, size_t min_len, size_t max_len),
    void (*cb_cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen))
{
    if (dctx->status != DRBG_STATUS_UNINITIALISED)
        return 0;
    dctx->get_entropy = cb_get_entropy;
    dctx->cleanup_entropy = cb_cleanup_entropy;
    dctx->get_nonce = cb_get_nonce;
    dctx->cleanup_nonce = cb_cleanup_nonce;
    return 1;
}

/*
 * Set the reseed internal. Used mainly for the KATs.
 */
void RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval)
{
    dctx->reseed_interval = interval;
}

/*
 * Get and set the EXDATA
 */
int RAND_DRBG_set_ex_data(DRBG_CTX *dctx, int idx, void *arg)
{
    return CRYPTO_set_ex_data(&dctx->ex_data, idx, arg);
}

void *RAND_DRBG_get_ex_data(const DRBG_CTX *dctx, int idx)
{
    return CRYPTO_get_ex_data(&dctx->ex_data, idx);
}
Commit	Line	Data
12fb8c3d RS	1	/*
	2	* Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <string.h>
	11	#include <openssl/crypto.h>
	12	#include <openssl/err.h>
	13	#include <openssl/rand.h>
	14	#include "rand_lcl.h"
	15
	16	/*
	17	* Support framework for NIST SP 800-90A DRBG, AES-CTR mode.
	18	*/
	19
	20	/*
	21	* Get entropy from the existing callback. This is mainly used for KATs.
	22	*/
	23	static size_t get_entropy(DRBG_CTX dctx, unsigned char *pout,
	24	int entropy, size_t min_len, size_t max_len)
	25	{
	26	if (dctx->get_entropy != NULL)
	27	return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
	28	/* TODO: Get from parent if it exists. */
	29	return 0;
	30	}
	31
	32	/*
	33	* Cleanup entropy.
	34	*/
	35	static void cleanup_entropy(DRBG_CTX dctx, unsigned char out, size_t olen)
	36	{
	37	if (dctx->cleanup_entropy != NULL)
	38	dctx->cleanup_entropy(dctx, out, olen);
	39	}
	40
	41	/*
	42	* The OpenSSL model is to have new and free functions, and that new
	43	* does all initialization. That is not the NIST model, which has
	44	* instantiation and un-instantiate, and re-use within a new/free
	45	* lifecycle. (No doubt this comes from the desire to support hardware
	46	* DRBG, where allocation of resources on something like an HSM is
	47	* a much bigger deal than just re-setting an allocated resource.)
	48	*
	49	* The DRBG_CTX is OpenSSL's opaque pointer to an instance of the
	50	* DRBG.
	51	*/
	52
	53	/*
	54	* Set/initialize \|dctx\| to be of type \|nid\|, with optional \|flags\|.
	55	* Return -2 if the type is not supported, 1 on success and -1 on
	56	* failure.
	57	*/
	58	int RAND_DRBG_set(DRBG_CTX *dctx, int nid, unsigned int flags)
	59	{
	60	int ret = 1;
	61
	62	dctx->status = DRBG_STATUS_UNINITIALISED;
	63	dctx->flags = flags;
	64	dctx->nid = nid;
65
66	switch (nid) {
67	default:
68	RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_UNSUPPORTED_DRBG_TYPE);
69	return -2;
70	case 0:
71	/* Uninitialized; that's okay. */
72	return 1;
73	case NID_aes_128_ctr:
74	case NID_aes_192_ctr:
75	case NID_aes_256_ctr:
76	ret = ctr_init(dctx);
77	break;
78	}
79
80	if (ret < 0)
81	RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_ERROR_INITIALISING_DRBG);
82	return ret;
83	}
84
85	/*
86	* Allocate memory and initialize a new DRBG. The \|parent\|, if not
87	* NULL, will be used to auto-seed this DRBG_CTX as needed.
88	*/
89	DRBG_CTX RAND_DRBG_new(int type, unsigned int flags, DRBG_CTX parent)
90	{
91	DRBG_CTX dctx = OPENSSL_zalloc(sizeof(dctx));
92
93	if (dctx == NULL) {
94	RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE);
95	return NULL;
96	}
97
98	dctx->parent = parent;
99	if (RAND_DRBG_set(dctx, type, flags) < 0) {
100	OPENSSL_free(dctx);
101	return NULL;
102	}
103	return dctx;
104	}
105
106	/*
107	* Uninstantiate \|dctx\| and free all memory.
108	*/
109	void RAND_DRBG_free(DRBG_CTX *dctx)
110	{
111	if (dctx == NULL)
112	return;
113
114	ctr_uninstantiate(dctx);
115	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, dctx, &dctx->ex_data);
116
117	/* Don't free up default DRBG */
118	if (dctx == RAND_DRBG_get_default()) {
119	memset(dctx, 0, sizeof(DRBG_CTX));
120	dctx->nid = 0;
121	dctx->status = DRBG_STATUS_UNINITIALISED;
122	} else {
123	OPENSSL_cleanse(&dctx->ctr, sizeof(dctx->ctr));
124	OPENSSL_free(dctx);
125	}
126	}
127
128	/*
129	* Instantiate \|dctx\|, after it has been initialized. Use \|pers\| and
130	* \|perslen\| as prediction-resistance input.
131	*/
132	int RAND_DRBG_instantiate(DRBG_CTX *dctx,
133	const unsigned char *pers, size_t perslen)
134	{
135	size_t entlen = 0, noncelen = 0;
136	unsigned char nonce = NULL, entropy = NULL;
137	int r = 0;
138
139	if (perslen > dctx->max_pers) {
140	r = RAND_R_PERSONALISATION_STRING_TOO_LONG;
141	goto end;
142	}
143	if (dctx->status != DRBG_STATUS_UNINITIALISED) {
144	r = dctx->status == DRBG_STATUS_ERROR ? RAND_R_IN_ERROR_STATE
145	: RAND_R_ALREADY_INSTANTIATED;
146	goto end;
147	}
148
149	dctx->status = DRBG_STATUS_ERROR;
150	entlen = get_entropy(dctx, &entropy, dctx->strength,
151	dctx->min_entropy, dctx->max_entropy);
152	if (entlen < dctx->min_entropy \|\| entlen > dctx->max_entropy) {
153	r = RAND_R_ERROR_RETRIEVING_ENTROPY;
154	goto end;
155	}
156
157	if (dctx->max_nonce > 0 && dctx->get_nonce != NULL) {
158	noncelen = dctx->get_nonce(dctx, &nonce,
159	dctx->strength / 2,
160	dctx->min_nonce, dctx->max_nonce);
161
162	if (noncelen < dctx->min_nonce \|\| noncelen > dctx->max_nonce) {
163	r = RAND_R_ERROR_RETRIEVING_NONCE;
164	goto end;
165	}
166	}
167
168	if (!ctr_instantiate(dctx, entropy, entlen,
169	nonce, noncelen, pers, perslen)) {
170	r = RAND_R_ERROR_INSTANTIATING_DRBG;
171	goto end;
172	}
173
174	dctx->status = DRBG_STATUS_READY;
175	dctx->reseed_counter = 1;
176
177	end:
178	if (entropy != NULL && dctx->cleanup_entropy != NULL)
179	dctx->cleanup_entropy(dctx, entropy, entlen);
180	if (nonce != NULL && dctx->cleanup_nonce!= NULL )
181	dctx->cleanup_nonce(dctx, nonce, noncelen);
182	if (dctx->status == DRBG_STATUS_READY)
183	return 1;
184
185	if (r)
186	RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, r);
187	return 0;
188	}
189
190	/*
191	* Uninstantiate \|dctx\|. Must be instantiated before it can be used.
192	*/
193	int RAND_DRBG_uninstantiate(DRBG_CTX *dctx)
194	{
195	int ret = ctr_uninstantiate(dctx);
196
197	OPENSSL_cleanse(&dctx->ctr, sizeof(dctx->ctr));
198	dctx->status = DRBG_STATUS_UNINITIALISED;
199	return ret;
200	}
201
202	/*
203	* Mix in the specified data to reseed \|dctx\|.
204	*/
205	int RAND_DRBG_reseed(DRBG_CTX *dctx,
206	const unsigned char *adin, size_t adinlen)
207	{
208	unsigned char *entropy = NULL;
209	size_t entlen = 0;
210	int r = 0;
211
212	if (dctx->status != DRBG_STATUS_READY
213	&& dctx->status != DRBG_STATUS_RESEED) {
214	if (dctx->status == DRBG_STATUS_ERROR)
215	r = RAND_R_IN_ERROR_STATE;
216	else if (dctx->status == DRBG_STATUS_UNINITIALISED)
217	r = RAND_R_NOT_INSTANTIATED;
218	goto end;
219	}
220
221	if (adin == NULL)
222	adinlen = 0;
223	else if (adinlen > dctx->max_adin) {
224	r = RAND_R_ADDITIONAL_INPUT_TOO_LONG;
225	goto end;
226	}
227
228	dctx->status = DRBG_STATUS_ERROR;
229	entlen = get_entropy(dctx, &entropy, dctx->strength,
230	dctx->min_entropy, dctx->max_entropy);
231
232	if (entlen < dctx->min_entropy \|\| entlen > dctx->max_entropy) {
233	r = RAND_R_ERROR_RETRIEVING_ENTROPY;
234	goto end;
235	}
236
237	if (!ctr_reseed(dctx, entropy, entlen, adin, adinlen))
238	goto end;
239	dctx->status = DRBG_STATUS_READY;
240	dctx->reseed_counter = 1;
241
242	end:
243	if (entropy != NULL && dctx->cleanup_entropy != NULL)
244	cleanup_entropy(dctx, entropy, entlen);
245	if (dctx->status == DRBG_STATUS_READY)
246	return 1;
247	if (r)
248	RANDerr(RAND_F_RAND_DRBG_RESEED, r);
249
250	return 0;
251	}
252
253	/*
254	* Generate \|outlen\| bytes into the buffer at \|out\|. Reseed if we need
255	* to or if \|prediction_resistance\| is set. Additional input can be
256	* sent in \|adin\| and \|adinlen\|.
257	*/
258	int RAND_DRBG_generate(DRBG_CTX dctx, unsigned char out, size_t outlen,
259	int prediction_resistance,
260	const unsigned char *adin, size_t adinlen)
261	{
262	int r = 0;
263
264	if (dctx->status != DRBG_STATUS_READY
265	&& dctx->status != DRBG_STATUS_RESEED) {
266	if (dctx->status == DRBG_STATUS_ERROR)
267	r = RAND_R_IN_ERROR_STATE;
268	else if(dctx->status == DRBG_STATUS_UNINITIALISED)
269	r = RAND_R_NOT_INSTANTIATED;
270	goto end;
271	}
272
273	if (outlen > dctx->max_request) {
274	r = RAND_R_REQUEST_TOO_LARGE_FOR_DRBG;
275	return 0;
276	}
277	if (adinlen > dctx->max_adin) {
278	r = RAND_R_ADDITIONAL_INPUT_TOO_LONG;
279	goto end;
280	}
281
282	if (dctx->reseed_counter >= dctx->reseed_interval)
283	dctx->status = DRBG_STATUS_RESEED;
284
285	if (dctx->status == DRBG_STATUS_RESEED \|\| prediction_resistance) {
286	if (!RAND_DRBG_reseed(dctx, adin, adinlen)) {
287	r = RAND_R_RESEED_ERROR;
288	goto end;
289	}
290	adin = NULL;
291	adinlen = 0;
292	}
293
294	if (!ctr_generate(dctx, out, outlen, adin, adinlen)) {
295	r = RAND_R_GENERATE_ERROR;
296	dctx->status = DRBG_STATUS_ERROR;
297	goto end;
298	}
299	if (dctx->reseed_counter >= dctx->reseed_interval)
300	dctx->status = DRBG_STATUS_RESEED;
301	else
302	dctx->reseed_counter++;
303	return 1;
304
305	end:
306	RANDerr(RAND_F_RAND_DRBG_GENERATE, r);
307	return 0;
308	}
309
310	/*
311	* Set the callbacks for entropy and nonce. Used mainly for the KATs
312	*/
313	int RAND_DRBG_set_callbacks(DRBG_CTX *dctx,
314	size_t (cb_get_entropy)(DRBG_CTX ctx, unsigned char **pout,
315	int entropy, size_t min_len, size_t max_len),
316	void (cb_cleanup_entropy)(DRBG_CTX ctx, unsigned char *out, size_t olen),
317	size_t (cb_get_nonce)(DRBG_CTX ctx, unsigned char **pout,
318	int entropy, size_t min_len, size_t max_len),
319	void (cb_cleanup_nonce)(DRBG_CTX ctx, unsigned char *out, size_t olen))
320	{
321	if (dctx->status != DRBG_STATUS_UNINITIALISED)
322	return 0;
323	dctx->get_entropy = cb_get_entropy;
324	dctx->cleanup_entropy = cb_cleanup_entropy;
325	dctx->get_nonce = cb_get_nonce;
326	dctx->cleanup_nonce = cb_cleanup_nonce;
327	return 1;
328	}
329
330	/*
331	* Set the reseed internal. Used mainly for the KATs.
332	*/
333	void RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval)
334	{
335	dctx->reseed_interval = interval;
336	}
337
338	/*
339	* Get and set the EXDATA
340	*/
341	int RAND_DRBG_set_ex_data(DRBG_CTX dctx, int idx, void arg)
342	{
343	return CRYPTO_set_ex_data(&dctx->ex_data, idx, arg);
344	}
345
346	void RAND_DRBG_get_ex_data(const DRBG_CTX dctx, int idx)
347	{
348	return CRYPTO_get_ex_data(&dctx->ex_data, idx);
349	}