64  * SP800-90Ar1 10.3.1 Derivation function using a Hash Function (Hash_df).
78     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;  in hash_df()  local
79     EVP_MD_CTX *ctx = hash->ctx;  in hash_df()
80     unsigned char *vtmp = hash->vtmp;  in hash_df()
105          * (Step 4.1) out = out || Hash(tmp || in || [in2] || [in3])  in hash_df()
108         if (!(EVP_DigestInit_ex(ctx, ossl_prov_digest_md(&hash->digest), NULL)  in hash_df()
115         if (outlen < hash->blocklen) {  in hash_df()
119             OPENSSL_cleanse(vtmp, hash->blocklen);  in hash_df()
125         outlen -= hash->blocklen;  in hash_df()
130         out += hash->blocklen;  in hash_df()
179 /* V = (V + Hash(inbyte || V  || [additional_input]) mod (2^seedlen) */
183     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;  in add_hash_to_v()  local
184     EVP_MD_CTX *ctx = hash->ctx;  in add_hash_to_v()
186     return EVP_DigestInit_ex(ctx, ossl_prov_digest_md(&hash->digest), NULL)  in add_hash_to_v()
188            && EVP_DigestUpdate(ctx, hash->V, drbg->seedlen)  in add_hash_to_v()
190            && EVP_DigestFinal(ctx, hash->vtmp, NULL)  in add_hash_to_v()
191            && add_bytes(drbg, hash->V, hash->vtmp, hash->blocklen);  in add_hash_to_v()
205  *        W = W || Hash(data)
214     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;  in hash_gen()  local
219     memcpy(hash->vtmp, hash->V, drbg->seedlen);  in hash_gen()
221         if (!EVP_DigestInit_ex(hash->ctx, ossl_prov_digest_md(&hash->digest),  in hash_gen()
223                 || !EVP_DigestUpdate(hash->ctx, hash->vtmp, drbg->seedlen))  in hash_gen()
226         if (outlen < hash->blocklen) {  in hash_gen()
227             if (!EVP_DigestFinal(hash->ctx, hash->vtmp, NULL))  in hash_gen()
229             memcpy(out, hash->vtmp, outlen);  in hash_gen()
232             if (!EVP_DigestFinal(hash->ctx, out, NULL))  in hash_gen()
234             outlen -= hash->blocklen;  in hash_gen()
237             out += hash->blocklen;  in hash_gen()
239         add_bytes(drbg, hash->vtmp, &one, 1);  in hash_gen()
258     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;  in drbg_hash_instantiate()  local
260     EVP_MD_CTX_free(hash->ctx);  in drbg_hash_instantiate()
261     hash->ctx = EVP_MD_CTX_new();  in drbg_hash_instantiate()
264     return hash->ctx != NULL  in drbg_hash_instantiate()
265            && hash_df(drbg, hash->V, INBYTE_IGNORE,  in drbg_hash_instantiate()
268            && hash_df1(drbg, hash->C, 0x00, hash->V, drbg->seedlen);  in drbg_hash_instantiate()
306     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;  in drbg_hash_reseed()  local
310     if (!hash_df(drbg, hash->C, 0x01, hash->V, drbg->seedlen, ent, ent_len,  in drbg_hash_reseed()
313     memcpy(hash->V, hash->C, drbg->seedlen);  in drbg_hash_reseed()
315     return hash_df1(drbg, hash->C, 0x00, hash->V, drbg->seedlen);  in drbg_hash_reseed()
341     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;  in drbg_hash_generate()  local
350     return hash->ctx != NULL  in drbg_hash_generate()
352            /* (Step 2) if adin != NULL then V = V + Hash(0x02||V||adin) */  in drbg_hash_generate()
357            /* (Step 4/5) H = V = (V + Hash(0x03||V) mod (2^seedlen_bits) */  in drbg_hash_generate()
361            && add_bytes(drbg, hash->V, hash->C, drbg->seedlen)  in drbg_hash_generate()
363            && add_bytes(drbg, hash->V, counter, 4);  in drbg_hash_generate()
378     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;  in drbg_hash_uninstantiate()  local
380     OPENSSL_cleanse(hash->V, sizeof(hash->V));  in drbg_hash_uninstantiate()
381     OPENSSL_cleanse(hash->C, sizeof(hash->C));  in drbg_hash_uninstantiate()
382     OPENSSL_cleanse(hash->vtmp, sizeof(hash->vtmp));  in drbg_hash_uninstantiate()
405     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;  in drbg_hash_verify_zeroization()  local
411     PROV_DRBG_VERIFY_ZEROIZATION(hash->V);  in drbg_hash_verify_zeroization()
412     PROV_DRBG_VERIFY_ZEROIZATION(hash->C);  in drbg_hash_verify_zeroization()
413     PROV_DRBG_VERIFY_ZEROIZATION(hash->vtmp);  in drbg_hash_verify_zeroization()
424     PROV_DRBG_HASH *hash;  in drbg_hash_new()  local
426     hash = OPENSSL_secure_zalloc(sizeof(*hash));  in drbg_hash_new()
427     if (hash == NULL)  in drbg_hash_new()
432     ctx->data = hash;  in drbg_hash_new()
456     PROV_DRBG_HASH *hash;  in drbg_hash_free()  local
458     if (drbg != NULL && (hash = (PROV_DRBG_HASH *)drbg->data) != NULL) {  in drbg_hash_free()
459         EVP_MD_CTX_free(hash->ctx);  in drbg_hash_free()
460         ossl_prov_digest_reset(&hash->digest);  in drbg_hash_free()
461         OPENSSL_secure_clear_free(hash, sizeof(*hash));  in drbg_hash_free()
469     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;  in drbg_hash_get_ctx_params()  local
485         md = ossl_prov_digest_md(&hash->digest);  in drbg_hash_get_ctx_params()
554     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)ctx->data;  in drbg_hash_set_ctx_params_locked()  local
569         if (!ossl_prov_digest_load_from_params(&hash->digest, params, libctx))  in drbg_hash_set_ctx_params_locked()
574             ossl_prov_digest_set_md(&hash->digest, prov_md);  in drbg_hash_set_ctx_params_locked()
577     md = ossl_prov_digest_md(&hash->digest);  in drbg_hash_set_ctx_params_locked()
586         hash->blocklen = md_size;  in drbg_hash_set_ctx_params_locked()
588         ctx->strength = 64 * (hash->blocklen >> 3);  in drbg_hash_set_ctx_params_locked()
591         if (hash->blocklen > MAX_BLOCKLEN_USING_SMALL_SEEDLEN)  in drbg_hash_set_ctx_params_locked()