/openssl/crypto/modes/ |
H A D | ccm128.c | 30 memset(ctx->nonce.c, 0, sizeof(ctx->nonce.c)); in CRYPTO_ccm128_init() 54 ctx->nonce.u[1] = 0; in CRYPTO_ccm128_setiv() 62 memcpy(&ctx->nonce.c[1], nonce, 14 - L); in CRYPTO_ccm128_setiv() 156 n |= ctx->nonce.c[i]; in CRYPTO_ccm128_encrypt() 157 ctx->nonce.c[i] = 0; in CRYPTO_ccm128_encrypt() 161 ctx->nonce.c[15] = 1; in CRYPTO_ccm128_encrypt() 210 ctx->nonce.c[i] = 0; in CRYPTO_ccm128_encrypt() 241 ctx->nonce.c[i] = 0; in CRYPTO_ccm128_decrypt() 245 ctx->nonce.c[15] = 1; in CRYPTO_ccm128_decrypt() 334 ctx->nonce.c[15] = 1; in CRYPTO_ccm128_encrypt_ccm64() [all …]
|
H A D | ocb128.c | 221 unsigned char stretch[24], nonce[16]; in CRYPTO_ocb128_setiv() local 236 nonce[0] = ((taglen * 8) % 128) << 1; in CRYPTO_ocb128_setiv() 237 memset(nonce + 1, 0, 15); in CRYPTO_ocb128_setiv() 238 memcpy(nonce + 16 - len, iv, len); in CRYPTO_ocb128_setiv() 239 nonce[15 - len] |= 1; in CRYPTO_ocb128_setiv() 242 memcpy(tmp, nonce, 16); in CRYPTO_ocb128_setiv() 251 bottom = nonce[15] & 0x3f; in CRYPTO_ocb128_setiv()
|
/openssl/doc/man3/ |
H A D | OCSP_request_add1_nonce.pod | 18 OCSP_request_add1_nonce() adds a nonce of value B<val> and length B<len> to 19 OCSP request B<req>. If B<val> is B<NULL> a random nonce is used. If B<len> 23 it adds a nonce to OCSP basic response B<resp>. 25 OCSP_check_nonce() compares the nonce value in B<req> and B<resp>. 27 OCSP_copy_nonce() copies any nonce value present in B<req> to B<resp>. 34 OCSP_copy_nonce() returns 1 if a nonce was successfully copied, 2 if no nonce 37 OCSP_check_nonce() returns the result of the nonce comparison between B<req> 46 For most purposes the nonce value in a request is set to a random value so 49 An OCSP nonce is typically added to an OCSP request to thwart replay attacks 50 by checking the same nonce value appears in the response. [all …]
|
H A D | EVP_chacha20.pod | 26 bit nonce. For example a nonce of:
|
/openssl/providers/implementations/ciphers/ |
H A D | cipher_aes_ccm_hw_s390x.inc | 25 sctx->ccm.s390x.nonce.b[0] = ((ctx->l - 1) & 0x7) 27 memset(sctx->ccm.s390x.nonce.b + 1, 0, sizeof(sctx->ccm.s390x.nonce.b)); 40 sctx->ccm.s390x.nonce.g[1] = mlen; 41 memcpy(sctx->ccm.s390x.nonce.b + 1, nonce, 15 - ctx->l); 126 flags = sctx->ccm.s390x.nonce.b[0]; 133 sctx->ccm.s390x.nonce.b[0] = l; 141 n |= sctx->ccm.s390x.nonce.b[i]; 142 sctx->ccm.s390x.nonce.b[i] = 0; 145 n |= sctx->ccm.s390x.nonce.b[15]; 146 sctx->ccm.s390x.nonce.b[15] = 1; [all …]
|
H A D | cipher_chacha20_poly1305_hw.c | 37 ctx->chacha.counter[1] = ctx->nonce[0]; in chacha_poly1305_tls_init() 38 ctx->chacha.counter[2] = ctx->nonce[1] ^ CHACHA_U8TOU32(aad); in chacha_poly1305_tls_init() 39 ctx->chacha.counter[3] = ctx->nonce[2] ^ CHACHA_U8TOU32(aad+4); in chacha_poly1305_tls_init() 52 ctx->nonce[0] = ctx->chacha.counter[1] = CHACHA_U8TOU32(fixed); in chacha_poly1305_tls_iv_set_fixed() 53 ctx->nonce[1] = ctx->chacha.counter[2] = CHACHA_U8TOU32(fixed + 4); in chacha_poly1305_tls_iv_set_fixed() 54 ctx->nonce[2] = ctx->chacha.counter[3] = CHACHA_U8TOU32(fixed + 8); in chacha_poly1305_tls_iv_set_fixed() 99 ctx->nonce[0] = ctx->chacha.counter[1]; in chacha20_poly1305_initiv() 100 ctx->nonce[1] = ctx->chacha.counter[2]; in chacha20_poly1305_initiv() 101 ctx->nonce[2] = ctx->chacha.counter[3]; in chacha20_poly1305_initiv()
|
H A D | ciphercommon_ccm_hw.c | 13 int ossl_ccm_generic_setiv(PROV_CCM_CTX *ctx, const unsigned char *nonce, in ossl_ccm_generic_setiv() argument 16 return CRYPTO_ccm128_setiv(&ctx->ccm_ctx, nonce, nlen, mlen) == 0; in ossl_ccm_generic_setiv()
|
/openssl/crypto/ts/ |
H A D | ts_req_utils.c | 100 int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce) in TS_REQ_set_nonce() argument 104 if (a->nonce == nonce) in TS_REQ_set_nonce() 106 new_nonce = ASN1_INTEGER_dup(nonce); in TS_REQ_set_nonce() 111 ASN1_INTEGER_free(a->nonce); in TS_REQ_set_nonce() 112 a->nonce = new_nonce; in TS_REQ_set_nonce() 118 return a->nonce; in TS_REQ_get_nonce()
|
H A D | ts_verify_ctx.c | 94 ASN1_INTEGER_free(ctx->nonce); in TS_VERIFY_CTX_cleanup() 108 const ASN1_INTEGER *nonce; in TS_REQ_to_TS_VERIFY_CTX() local 136 if ((nonce = req->nonce) != NULL) { in TS_REQ_to_TS_VERIFY_CTX() 137 if ((ret->nonce = ASN1_INTEGER_dup(nonce)) == NULL) in TS_REQ_to_TS_VERIFY_CTX()
|
H A D | ts_rsp_utils.c | 251 int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce) in TS_TST_INFO_set_nonce() argument 255 if (a->nonce == nonce) in TS_TST_INFO_set_nonce() 257 new_nonce = ASN1_INTEGER_dup(nonce); in TS_TST_INFO_set_nonce() 262 ASN1_INTEGER_free(a->nonce); in TS_TST_INFO_set_nonce() 263 a->nonce = new_nonce; in TS_TST_INFO_set_nonce() 269 return a->nonce; in TS_TST_INFO_get_nonce()
|
H A D | ts_local.h | 46 ASN1_INTEGER *nonce; member 90 ASN1_INTEGER *nonce; member 149 ASN1_INTEGER *nonce; member
|
H A D | ts_req_print.c | 39 if (a->nonce == NULL) in TS_REQ_print_bio() 42 TS_ASN1_INTEGER_print_bio(bio, a->nonce); in TS_REQ_print_bio()
|
/openssl/crypto/poly1305/ |
H A D | poly1305.c | 214 const u32 nonce[4]) in poly1305_emit() 240 h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32)); in poly1305_emit() 241 h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64)); in poly1305_emit() 380 const u32 nonce[4]) in poly1305_emit() 414 h0 = (u32)(t = (u64)h0 + nonce[0]); in poly1305_emit() 430 const unsigned int nonce[4]); 435 ctx->nonce[0] = U8TOU32(&key[16]); in Poly1305_Init() 436 ctx->nonce[1] = U8TOU32(&key[20]); in Poly1305_Init() 437 ctx->nonce[2] = U8TOU32(&key[24]); in Poly1305_Init() 438 ctx->nonce[3] = U8TOU32(&key[28]); in Poly1305_Init() [all …]
|
H A D | poly1305_ppc.c | 19 const unsigned int nonce[4]); 24 const unsigned int nonce[4]); 29 const unsigned int nonce[4]);
|
H A D | poly1305_base2_44.c | 135 void poly1305_emit(void *ctx, unsigned char mac[16], const u32 nonce[4]) in poly1305_emit() 166 h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32)); in poly1305_emit() 167 h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64)); in poly1305_emit()
|
/openssl/crypto/ocsp/ |
H A D | v3_ocsp.c | 23 static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, 25 static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, 34 static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, 215 static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, in i2r_ocsp_nonce() argument 220 if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) in i2r_ocsp_nonce()
|
/openssl/providers/implementations/rands/ |
H A D | test_rng.c | 45 unsigned char *entropy, *nonce; member 72 OPENSSL_free(t->nonce); in test_rng_free() 132 if (t->nonce == NULL || strength > t->strength) in test_rng_nonce() 136 memcpy(out, t->nonce, t->nonce_len); in test_rng_nonce() 200 OPENSSL_free(t->nonce); in test_rng_set_ctx_params() 201 t->nonce = ptr; in test_rng_set_ctx_params()
|
H A D | drbg.c | 359 unsigned char *nonce = NULL, *entropy = NULL; in ossl_prov_drbg_instantiate() local 399 nonce = OPENSSL_malloc(noncelen); in ossl_prov_drbg_instantiate() 400 if (nonce == NULL) { in ossl_prov_drbg_instantiate() 404 if (noncelen != drbg->parent_nonce(drbg->parent, nonce, in ossl_prov_drbg_instantiate() 427 noncelen = prov_drbg_get_nonce(drbg, &nonce, drbg->min_noncelen, in ossl_prov_drbg_instantiate() 454 if (!drbg->instantiate(drbg, entropy, entropylen, nonce, noncelen, in ossl_prov_drbg_instantiate() 468 if (nonce != NULL) in ossl_prov_drbg_instantiate() 469 ossl_prov_cleanup_nonce(drbg->provctx, nonce, noncelen); in ossl_prov_drbg_instantiate() 764 const unsigned char *nonce, size_t noncelen, in ossl_rand_drbg_new() argument
|
/openssl/doc/man7/ |
H A D | EVP_RAND-TEST-RAND.pod | 60 Sets the bytes returned when the test generator is sent a nonce request. 61 Each nonce request will return all of the bytes. 79 unsigned char nonce[20] = { ... }; 90 nonce, sizeof(nonce));
|
/openssl/include/crypto/ |
H A D | poly1305.h | 25 const unsigned int nonce[4]); 32 unsigned int nonce[4]; member
|
/openssl/crypto/ec/curve448/ |
H A D | eddsa.c | 207 uint8_t nonce[2 * EDDSA_448_PRIVATE_BYTES]; in ossl_c448_ed448_sign() local 209 if (!EVP_DigestFinalXOF(hashctx, nonce, sizeof(nonce))) in ossl_c448_ed448_sign() 211 ossl_curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce)); in ossl_c448_ed448_sign() 212 OPENSSL_cleanse(nonce, sizeof(nonce)); in ossl_c448_ed448_sign()
|
/openssl/crypto/evp/ |
H A D | e_chacha20_poly1305.c | 155 unsigned int nonce[12/4]; member 192 actx->nonce[0] = actx->key.counter[1]; in chacha20_poly1305_init_key() 193 actx->nonce[1] = actx->key.counter[2]; in chacha20_poly1305_init_key() 194 actx->nonce[2] = actx->key.counter[3]; in chacha20_poly1305_init_key() 546 actx->nonce[0] = actx->key.counter[1] in chacha20_poly1305_ctrl() 548 actx->nonce[1] = actx->key.counter[2] in chacha20_poly1305_ctrl() 550 actx->nonce[2] = actx->key.counter[3] in chacha20_poly1305_ctrl() 593 actx->key.counter[1] = actx->nonce[0]; in chacha20_poly1305_ctrl() 594 actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad); in chacha20_poly1305_ctrl() 595 actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4); in chacha20_poly1305_ctrl()
|
/openssl/crypto/poly1305/asm/ |
H A D | poly1305-mips.pl | 353 my ($ctx,$mac,$nonce) = ($a0,$a1,$a2); 384 lwu $tmp0,0($nonce) # load nonce 385 lwu $tmp1,4($nonce) 386 lwu $tmp2,8($nonce) 387 lwu $tmp3,12($nonce)
|
H A D | poly1305-armv4.pl | 342 my ($ctx,$mac,$nonce)=map("r$_",(0..2)); 366 ldr $g0,[$nonce,#0] 371 ldr $g1,[$nonce,#4] 376 ldr $g2,[$nonce,#8] 381 ldr $g3,[$nonce,#12] 1195 ldr $g0,[$nonce,#0] 1198 ldr $g1,[$nonce,#4] 1201 ldr $g2,[$nonce,#8] 1204 ldr $g3,[$nonce,#12]
|
/openssl/apps/ |
H A D | ts.c | 558 ASN1_INTEGER *nonce = NULL; in create_nonce() local 570 if ((nonce = ASN1_INTEGER_new()) == NULL) in create_nonce() 572 OPENSSL_free(nonce->data); in create_nonce() 573 nonce->length = len - i; in create_nonce() 574 nonce->data = app_malloc(nonce->length + 1, "nonce buffer"); in create_nonce() 575 memcpy(nonce->data, buf + i, nonce->length); in create_nonce() 576 return nonce; in create_nonce() 580 ASN1_INTEGER_free(nonce); in create_nonce()
|