/openssl/crypto/modes/ |
H A D | ccm128.c | 30 memset(ctx->nonce.c, 0, sizeof(ctx->nonce.c)); in CRYPTO_ccm128_init() 54 ctx->nonce.u[1] = 0; in CRYPTO_ccm128_setiv() 62 memcpy(&ctx->nonce.c[1], nonce, 14 - L); in CRYPTO_ccm128_setiv() 156 n |= ctx->nonce.c[i]; in CRYPTO_ccm128_encrypt() 157 ctx->nonce.c[i] = 0; in CRYPTO_ccm128_encrypt() 161 ctx->nonce.c[15] = 1; in CRYPTO_ccm128_encrypt() 210 ctx->nonce.c[i] = 0; in CRYPTO_ccm128_encrypt() 241 ctx->nonce.c[i] = 0; in CRYPTO_ccm128_decrypt() 245 ctx->nonce.c[15] = 1; in CRYPTO_ccm128_decrypt() 334 ctx->nonce.c[15] = 1; in CRYPTO_ccm128_encrypt_ccm64() [all …]
|
H A D | ocb128.c | 217 unsigned char stretch[24], nonce[16]; in CRYPTO_ocb128_setiv() local 232 nonce[0] = ((taglen * 8) % 128) << 1; in CRYPTO_ocb128_setiv() 233 memset(nonce + 1, 0, 15); in CRYPTO_ocb128_setiv() 234 memcpy(nonce + 16 - len, iv, len); in CRYPTO_ocb128_setiv() 235 nonce[15 - len] |= 1; in CRYPTO_ocb128_setiv() 238 memcpy(tmp, nonce, 16); in CRYPTO_ocb128_setiv() 247 bottom = nonce[15] & 0x3f; in CRYPTO_ocb128_setiv()
|
/openssl/doc/man3/ |
H A D | OCSP_request_add1_nonce.pod | 18 OCSP_request_add1_nonce() adds a nonce of value B<val> and length B<len> to 19 OCSP request B<req>. If B<val> is B<NULL> a random nonce is used. If B<len> 23 it adds a nonce to OCSP basic response B<resp>. 25 OCSP_check_nonce() compares the nonce value in B<req> and B<resp>. 27 OCSP_copy_nonce() copies any nonce value present in B<req> to B<resp>. 34 OCSP_copy_nonce() returns 1 if a nonce was successfully copied, 2 if no nonce 37 OCSP_check_nonce() returns the result of the nonce comparison between B<req> 46 For most purposes the nonce value in a request is set to a random value so 49 An OCSP nonce is typically added to an OCSP request to thwart replay attacks 50 by checking the same nonce value appears in the response. [all …]
|
H A D | EVP_chacha20.pod | 26 bit nonce. For example a nonce of: 51 uses a 32 bit counter and a 96 bit nonce for the IV.
|
/openssl/providers/implementations/ciphers/ |
H A D | cipher_aes_ccm_hw_s390x.inc | 25 sctx->ccm.s390x.nonce.b[0] = ((ctx->l - 1) & 0x7) 27 memset(sctx->ccm.s390x.nonce.b + 1, 0, sizeof(sctx->ccm.s390x.nonce.b)); 40 sctx->ccm.s390x.nonce.g[1] = mlen; 41 memcpy(sctx->ccm.s390x.nonce.b + 1, nonce, 15 - ctx->l); 126 flags = sctx->ccm.s390x.nonce.b[0]; 133 sctx->ccm.s390x.nonce.b[0] = l; 141 n |= sctx->ccm.s390x.nonce.b[i]; 142 sctx->ccm.s390x.nonce.b[i] = 0; 145 n |= sctx->ccm.s390x.nonce.b[15]; 146 sctx->ccm.s390x.nonce.b[15] = 1; [all …]
|
H A D | cipher_chacha20_poly1305_hw.c | 37 ctx->chacha.counter[1] = ctx->nonce[0]; in chacha_poly1305_tls_init() 38 ctx->chacha.counter[2] = ctx->nonce[1] ^ CHACHA_U8TOU32(aad); in chacha_poly1305_tls_init() 39 ctx->chacha.counter[3] = ctx->nonce[2] ^ CHACHA_U8TOU32(aad+4); in chacha_poly1305_tls_init() 52 ctx->nonce[0] = ctx->chacha.counter[1] = CHACHA_U8TOU32(fixed); in chacha_poly1305_tls_iv_set_fixed() 53 ctx->nonce[1] = ctx->chacha.counter[2] = CHACHA_U8TOU32(fixed + 4); in chacha_poly1305_tls_iv_set_fixed() 54 ctx->nonce[2] = ctx->chacha.counter[3] = CHACHA_U8TOU32(fixed + 8); in chacha_poly1305_tls_iv_set_fixed() 98 ctx->nonce[0] = ctx->chacha.counter[1]; in chacha20_poly1305_initiv() 99 ctx->nonce[1] = ctx->chacha.counter[2]; in chacha20_poly1305_initiv() 100 ctx->nonce[2] = ctx->chacha.counter[3]; in chacha20_poly1305_initiv()
|
H A D | ciphercommon_ccm_hw.c | 13 int ossl_ccm_generic_setiv(PROV_CCM_CTX *ctx, const unsigned char *nonce, in ossl_ccm_generic_setiv() argument 16 return CRYPTO_ccm128_setiv(&ctx->ccm_ctx, nonce, nlen, mlen) == 0; in ossl_ccm_generic_setiv()
|
/openssl/crypto/ts/ |
H A D | ts_req_utils.c | 100 int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce) in TS_REQ_set_nonce() argument 104 if (a->nonce == nonce) in TS_REQ_set_nonce() 106 new_nonce = ASN1_INTEGER_dup(nonce); in TS_REQ_set_nonce() 111 ASN1_INTEGER_free(a->nonce); in TS_REQ_set_nonce() 112 a->nonce = new_nonce; in TS_REQ_set_nonce() 118 return a->nonce; in TS_REQ_get_nonce()
|
H A D | ts_verify_ctx.c | 130 ASN1_INTEGER_free(ctx->nonce); in TS_VERIFY_CTX_cleanup() 144 const ASN1_INTEGER *nonce; in TS_REQ_to_TS_VERIFY_CTX() local 172 if ((nonce = req->nonce) != NULL) { in TS_REQ_to_TS_VERIFY_CTX() 173 if ((ret->nonce = ASN1_INTEGER_dup(nonce)) == NULL) in TS_REQ_to_TS_VERIFY_CTX()
|
H A D | ts_rsp_utils.c | 251 int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce) in TS_TST_INFO_set_nonce() argument 255 if (a->nonce == nonce) in TS_TST_INFO_set_nonce() 257 new_nonce = ASN1_INTEGER_dup(nonce); in TS_TST_INFO_set_nonce() 262 ASN1_INTEGER_free(a->nonce); in TS_TST_INFO_set_nonce() 263 a->nonce = new_nonce; in TS_TST_INFO_set_nonce() 269 return a->nonce; in TS_TST_INFO_get_nonce()
|
H A D | ts_local.h | 46 ASN1_INTEGER *nonce; member 90 ASN1_INTEGER *nonce; member 149 ASN1_INTEGER *nonce; member
|
H A D | ts_req_print.c | 39 if (a->nonce == NULL) in TS_REQ_print_bio() 42 TS_ASN1_INTEGER_print_bio(bio, a->nonce); in TS_REQ_print_bio()
|
/openssl/crypto/poly1305/ |
H A D | poly1305.c | 214 const u32 nonce[4]) in poly1305_emit() 240 h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32)); in poly1305_emit() 241 h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64)); in poly1305_emit() 380 const u32 nonce[4]) in poly1305_emit() 414 h0 = (u32)(t = (u64)h0 + nonce[0]); in poly1305_emit() 430 const unsigned int nonce[4]); 435 ctx->nonce[0] = U8TOU32(&key[16]); in Poly1305_Init() 436 ctx->nonce[1] = U8TOU32(&key[20]); in Poly1305_Init() 437 ctx->nonce[2] = U8TOU32(&key[24]); in Poly1305_Init() 438 ctx->nonce[3] = U8TOU32(&key[28]); in Poly1305_Init() [all …]
|
H A D | poly1305_ppc.c | 19 const unsigned int nonce[4]); 24 const unsigned int nonce[4]); 29 const unsigned int nonce[4]);
|
H A D | poly1305_base2_44.c | 135 void poly1305_emit(void *ctx, unsigned char mac[16], const u32 nonce[4]) in poly1305_emit() 166 h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32)); in poly1305_emit() 167 h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64)); in poly1305_emit()
|
/openssl/providers/implementations/kdfs/ |
H A D | hmacdrbg_kdf.c | 35 unsigned char *entropy, *nonce; member 65 OPENSSL_clear_free(ctx->nonce, ctx->noncelen); in hmac_drbg_kdf_reset() 104 || !ossl_prov_memdup(src->nonce, src->noncelen, in hmac_drbg_kdf_dup() 105 &dst->nonce, &dst->noncelen)) in hmac_drbg_kdf_dup() 128 || ctx->nonce == NULL in hmac_drbg_kdf_derive() 131 ctx->nonce, ctx->noncelen, NULL, 0)) in hmac_drbg_kdf_derive() 206 OPENSSL_free(hmac->nonce); in hmac_drbg_kdf_set_ctx_params() 207 hmac->nonce = ptr; in hmac_drbg_kdf_set_ctx_params()
|
/openssl/ssl/record/methods/ |
H A D | tls13_meth.c | 37 rl->nonce = OPENSSL_malloc(ivlen); in tls13_set_crypto_state() 38 if (rl->nonce == NULL) in tls13_set_crypto_state() 94 unsigned char *nonce; in tls13_cipher() local 111 nonce = rl->nonce; in tls13_cipher() 161 memcpy(nonce, staticiv, offset); in tls13_cipher() 163 nonce[offset + loop] = staticiv[offset + loop] ^ seq[loop]; in tls13_cipher() 187 || !EVP_MAC_update(mac_ctx, nonce, nonce_len) in tls13_cipher() 215 if (EVP_CipherInit_ex(enc_ctx, NULL, NULL, NULL, nonce, sending) <= 0 in tls13_cipher()
|
/openssl/doc/man7/ |
H A D | EVP_RAND-TEST-RAND.pod | 62 Sets the bytes returned when the test generator is sent a nonce request. 63 Each nonce request will return all of the bytes. 67 If this parameter is zero, it will only emit the nonce and entropy data 88 unsigned char nonce[20] = { ... }; 99 nonce, sizeof(nonce));
|
H A D | EVP_KDF-HMAC-DRBG.pod | 11 to L<EVP_RAND-HMAC-DRBG(7)>, but uses fixed values for its entropy and nonce 12 values. This is used to generate deterministic nonce value required by ECDSA 36 =item "nonce" (B<OSSL_KDF_PARAM_HMACDRBG_NONCE>) <octet string> 38 Sets the nonce bytes supplied to the HMAC-DRBG.
|
/openssl/crypto/ocsp/ |
H A D | v3_ocsp.c | 23 static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, 25 static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, 34 static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, 215 static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, in i2r_ocsp_nonce() argument 220 if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) in i2r_ocsp_nonce()
|
/openssl/crypto/ec/curve448/ |
H A D | eddsa.c | 203 uint8_t nonce[2 * EDDSA_448_PRIVATE_BYTES]; in ossl_c448_ed448_sign() local 205 if (!EVP_DigestFinalXOF(hashctx, nonce, sizeof(nonce))) in ossl_c448_ed448_sign() 207 ossl_curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce)); in ossl_c448_ed448_sign() 208 OPENSSL_cleanse(nonce, sizeof(nonce)); in ossl_c448_ed448_sign()
|
/openssl/providers/implementations/rands/ |
H A D | test_rng.c | 48 unsigned char *entropy, *nonce; member 76 OPENSSL_free(t->nonce); in test_rng_free() 175 if (t->nonce == NULL) in test_rng_nonce() 178 memcpy(out, t->nonce, t->nonce_len); in test_rng_nonce() 254 OPENSSL_free(t->nonce); in test_rng_set_ctx_params() 255 t->nonce = ptr; in test_rng_set_ctx_params()
|
/openssl/include/crypto/ |
H A D | poly1305.h | 25 const unsigned int nonce[4]); 32 unsigned int nonce[4]; member
|
/openssl/crypto/evp/ |
H A D | e_chacha20_poly1305.c | 155 unsigned int nonce[12/4]; member 192 actx->nonce[0] = actx->key.counter[1]; in chacha20_poly1305_init_key() 193 actx->nonce[1] = actx->key.counter[2]; in chacha20_poly1305_init_key() 194 actx->nonce[2] = actx->key.counter[3]; in chacha20_poly1305_init_key() 546 actx->nonce[0] = actx->key.counter[1] in chacha20_poly1305_ctrl() 548 actx->nonce[1] = actx->key.counter[2] in chacha20_poly1305_ctrl() 550 actx->nonce[2] = actx->key.counter[3] in chacha20_poly1305_ctrl() 593 actx->key.counter[1] = actx->nonce[0]; in chacha20_poly1305_ctrl() 594 actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad); in chacha20_poly1305_ctrl() 595 actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4); in chacha20_poly1305_ctrl()
|
/openssl/crypto/poly1305/asm/ |
H A D | poly1305-mips.pl | 353 my ($ctx,$mac,$nonce) = ($a0,$a1,$a2); 384 lwu $tmp0,0($nonce) # load nonce 385 lwu $tmp1,4($nonce) 386 lwu $tmp2,8($nonce) 387 lwu $tmp3,12($nonce)
|