drbg_hash.c - OpenGrok cross reference for /freebsd/crypto/openssl/providers/implementations/rands/drbg

Lines Matching +full:in3 +full:- +full:in2
2  * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved.
38 /* 888 bits from SP800-90Ar1 10.1 table 2 */
41 /* 440 bits from SP800-90Ar1 10.1 table 2 */
59  * SP800-90Ar1 10.3.1 Derivation function using a Hash Function (Hash_df).
61  *    inbyte - An optional leading byte (ignore if equal to INBYTE_IGNORE)
62  *    in - input string 1 (A Non NULL value).
63  *    in2 - optional input string (Can be NULL).
64  *    in3 - optional input string (Can be NULL).
70                    const unsigned char *in2, size_t in2len,
71                    const unsigned char *in3, size_t in3len)
73     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;
74     EVP_MD_CTX *ctx = hash->ctx;
75     unsigned char *vtmp = hash->vtmp;
79     size_t outlen = drbg->seedlen;
100          * (Step 4.1) out = out || Hash(tmp || in || [in2] || [in3])
103         if (!(EVP_DigestInit_ex(ctx, ossl_prov_digest_md(&hash->digest), NULL)
106                 && (in2 == NULL || EVP_DigestUpdate(ctx, in2, in2len))
107                 && (in3 == NULL || EVP_DigestUpdate(ctx, in3, in3len))))
110         if (outlen < hash->blocklen) {
114             OPENSSL_cleanse(vtmp, hash->blocklen);
120         outlen -= hash->blocklen;
125         out += hash->blocklen;
142  * where dst size is drbg->seedlen, and inlen <= drbg->seedlen.
152     assert(drbg->seedlen >= 1 && inlen >= 1 && inlen <= drbg->seedlen);
154     d = &dst[drbg->seedlen - 1];
155     add = &in[inlen - 1];
157     for (i = inlen; i > 0; i--, d--, add--) {
165         for (i = drbg->seedlen - inlen; i > 0; --i, d--) {
178     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;
179     EVP_MD_CTX *ctx = hash->ctx;
181     return EVP_DigestInit_ex(ctx, ossl_prov_digest_md(&hash->digest), NULL)
183            && EVP_DigestUpdate(ctx, hash->V, drbg->seedlen)
185            && EVP_DigestFinal(ctx, hash->vtmp, NULL)
186            && add_bytes(drbg, hash->V, hash->vtmp, hash->blocklen);
190  * The Hashgen() as listed in SP800-90Ar1 10.1.1.4 Hash_DRBG_Generate_Process.
209     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;
214     memcpy(hash->vtmp, hash->V, drbg->seedlen);
216         if (!EVP_DigestInit_ex(hash->ctx, ossl_prov_digest_md(&hash->digest),
218                 || !EVP_DigestUpdate(hash->ctx, hash->vtmp, drbg->seedlen))
221         if (outlen < hash->blocklen) {
222             if (!EVP_DigestFinal(hash->ctx, hash->vtmp, NULL))
224             memcpy(out, hash->vtmp, outlen);
227             if (!EVP_DigestFinal(hash->ctx, out, NULL))
229             outlen -= hash->blocklen;
232             out += hash->blocklen;
234         add_bytes(drbg, hash->vtmp, &one, 1);
240  * SP800-90Ar1 10.1.1.2 Hash_DRBG_Instantiate_Process:
253     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;
255     EVP_MD_CTX_free(hash->ctx);
256     hash->ctx = EVP_MD_CTX_new();
258     /* (Step 1-3) V = Hash_df(entropy||nonce||pers, seedlen) */
259     return hash->ctx != NULL
260            && hash_df(drbg, hash->V, INBYTE_IGNORE,
263            && hash_df1(drbg, hash->C, 0x00, hash->V, drbg->seedlen);
281  * SP800-90Ar1 10.1.1.3 Hash_DRBG_Reseed_Process:
292     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;
294     /* (Step 1-2) V = Hash_df(0x01 || V || entropy_input || additional_input) */
296     if (!hash_df(drbg, hash->C, 0x01, hash->V, drbg->seedlen, ent, ent_len,
299     memcpy(hash->V, hash->C, drbg->seedlen);
301     return hash_df1(drbg, hash->C, 0x00, hash->V, drbg->seedlen);
315  * SP800-90Ar1 10.1.1.4 Hash_DRBG_Generate_Process:
327     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;
329     int reseed_counter = drbg->generate_counter;
336     return hash->ctx != NULL
347            && add_bytes(drbg, hash->V, hash->C, drbg->seedlen)
349            && add_bytes(drbg, hash->V, counter, 4);
364     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;
366     OPENSSL_cleanse(hash->V, sizeof(hash->V));
367     OPENSSL_cleanse(hash->C, sizeof(hash->C));
368     OPENSSL_cleanse(hash->vtmp, sizeof(hash->vtmp));
380     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;
382     PROV_DRBG_VERYIFY_ZEROIZATION(hash->V);
383     PROV_DRBG_VERYIFY_ZEROIZATION(hash->C);
384     PROV_DRBG_VERYIFY_ZEROIZATION(hash->vtmp);
398     ctx->data = hash;
399     ctx->seedlen = HASH_PRNG_MAX_SEEDLEN;
400     ctx->max_entropylen = DRBG_MAX_LENGTH;
401     ctx->max_noncelen = DRBG_MAX_LENGTH;
402     ctx->max_perslen = DRBG_MAX_LENGTH;
403     ctx->max_adinlen = DRBG_MAX_LENGTH;
406     ctx->max_request = 1 << 16;
424     if (drbg != NULL && (hash = (PROV_DRBG_HASH *)drbg->data) != NULL) {
425         EVP_MD_CTX_free(hash->ctx);
426         ossl_prov_digest_reset(&hash->digest);
435     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data;
441         md = ossl_prov_digest_md(&hash->digest);
463     PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)ctx->data;
464     OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
467     if (!ossl_prov_digest_load_from_params(&hash->digest, params, libctx))
470     md = ossl_prov_digest_md(&hash->digest);
477         /* These are taken from SP 800-90 10.1 Table 2 */
478         hash->blocklen = EVP_MD_get_size(md);
479         /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */
480         ctx->strength = 64 * (hash->blocklen >> 3);
481         if (ctx->strength > 256)
482             ctx->strength = 256;
483         if (hash->blocklen > MAX_BLOCKLEN_USING_SMALL_SEEDLEN)
484             ctx->seedlen = HASH_PRNG_MAX_SEEDLEN;
486             ctx->seedlen = HASH_PRNG_SMALL_SEEDLEN;
488         ctx->min_entropylen = ctx->strength / 8;
489         ctx->min_noncelen = ctx->min_entropylen / 2;