23 static void inc_128(RAND_DRBG_CTR *ctr)  in inc_128()  argument
25     unsigned char *p = &ctr->V[0];  in inc_128()
36 static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen)  in ctr_XOR()  argument
47     n = inlen < ctr->keylen ? inlen : ctr->keylen;  in ctr_XOR()
49         ctr->K[i] ^= in[i];  in ctr_XOR()
50     if (inlen <= ctr->keylen)  in ctr_XOR()
53     n = inlen - ctr->keylen;  in ctr_XOR()
59         ctr->V[i] ^= in[i + ctr->keylen];  in ctr_XOR()
65 __owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out,  in ctr_BCC_block()  argument
73     if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, len)  in ctr_BCC_block()
83 __owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in)  in ctr_BCC_blocks()  argument
90     if (ctr->keylen != 16) {  in ctr_BCC_blocks()
94     return ctr_BCC_block(ctr, ctr->KX, in_tmp, AES_BLOCK_SIZE * num_of_blk);  in ctr_BCC_blocks()
101 __owur static int ctr_BCC_init(RAND_DRBG_CTR *ctr)  in ctr_BCC_init()  argument
106     memset(ctr->KX, 0, 48);  in ctr_BCC_init()
107     num_of_blk = ctr->keylen == 16 ? 2 : 3;  in ctr_BCC_init()
110     return ctr_BCC_block(ctr, ctr->KX, bltmp, num_of_blk * AES_BLOCK_SIZE);  in ctr_BCC_init()
116 __owur static int ctr_BCC_update(RAND_DRBG_CTR *ctr,  in ctr_BCC_update()  argument
123     if (ctr->bltmp_pos) {  in ctr_BCC_update()
124         size_t left = 16 - ctr->bltmp_pos;  in ctr_BCC_update()
128             memcpy(ctr->bltmp + ctr->bltmp_pos, in, left);  in ctr_BCC_update()
129             if (!ctr_BCC_blocks(ctr, ctr->bltmp))  in ctr_BCC_update()
131             ctr->bltmp_pos = 0;  in ctr_BCC_update()
139         if (!ctr_BCC_blocks(ctr, in))  in ctr_BCC_update()
145         memcpy(ctr->bltmp + ctr->bltmp_pos, in, inlen);  in ctr_BCC_update()
146         ctr->bltmp_pos += inlen;  in ctr_BCC_update()
151 __owur static int ctr_BCC_final(RAND_DRBG_CTR *ctr)  in ctr_BCC_final()  argument
153     if (ctr->bltmp_pos) {  in ctr_BCC_final()
154         memset(ctr->bltmp + ctr->bltmp_pos, 0, 16 - ctr->bltmp_pos);  in ctr_BCC_final()
155         if (!ctr_BCC_blocks(ctr, ctr->bltmp))  in ctr_BCC_final()
161 __owur static int ctr_df(RAND_DRBG_CTR *ctr,  in ctr_df()  argument
168     unsigned char *p = ctr->bltmp;  in ctr_df()
171     if (!ctr_BCC_init(ctr))  in ctr_df()
190     *p = (unsigned char)((ctr->keylen + 16) & 0xff);  in ctr_df()
191     ctr->bltmp_pos = 8;  in ctr_df()
192     if (!ctr_BCC_update(ctr, in1, in1len)  in ctr_df()
193         || !ctr_BCC_update(ctr, in2, in2len)  in ctr_df()
194         || !ctr_BCC_update(ctr, in3, in3len)  in ctr_df()
195         || !ctr_BCC_update(ctr, &c80, 1)  in ctr_df()
196         || !ctr_BCC_final(ctr))  in ctr_df()
199     if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->KX, NULL, -1))  in ctr_df()
202     if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX, &outlen, ctr->KX + ctr->keylen,  in ctr_df()
206     if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 16, &outlen, ctr->KX,  in ctr_df()
210     if (ctr->keylen != 16)  in ctr_df()
211         if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 32, &outlen,  in ctr_df()
212                               ctr->KX + 16, AES_BLOCK_SIZE)  in ctr_df()
229     RAND_DRBG_CTR *ctr = &drbg->data.ctr;  in ctr_update()  local
235     memcpy(V_tmp, ctr->V, 16);  in ctr_update()
236     inc_128(ctr);  in ctr_update()
237     memcpy(V_tmp + 16, ctr->V, 16);  in ctr_update()
238     if (ctr->keylen == 16) {  in ctr_update()
241         inc_128(ctr);  in ctr_update()
242         memcpy(V_tmp + 32, ctr->V, 16);  in ctr_update()
245     if (!EVP_CipherUpdate(ctr->ctx_ecb, out, &outlen, V_tmp, len)  in ctr_update()
248     memcpy(ctr->K, out, ctr->keylen);  in ctr_update()
249     memcpy(ctr->V, out + ctr->keylen, 16);  in ctr_update()
254             if (!ctr_df(ctr, in1, in1len, nonce, noncelen, in2, in2len))  in ctr_update()
258             ctr_XOR(ctr, ctr->KX, drbg->seedlen);  in ctr_update()
260         ctr_XOR(ctr, in1, in1len);  in ctr_update()
261         ctr_XOR(ctr, in2, in2len);  in ctr_update()
264     if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1)  in ctr_update()
265         || !EVP_CipherInit_ex(ctr->ctx_ctr, NULL, NULL, ctr->K, NULL, -1))  in ctr_update()
275     RAND_DRBG_CTR *ctr = &drbg->data.ctr;  in drbg_ctr_instantiate()  local
280     memset(ctr->K, 0, sizeof(ctr->K));  in drbg_ctr_instantiate()
281     memset(ctr->V, 0, sizeof(ctr->V));  in drbg_ctr_instantiate()
282     if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1))  in drbg_ctr_instantiate()
285     inc_128(ctr);  in drbg_ctr_instantiate()
295     RAND_DRBG_CTR *ctr = &drbg->data.ctr;  in drbg_ctr_reseed()  local
300     inc_128(ctr);  in drbg_ctr_reseed()
322     RAND_DRBG_CTR *ctr = &drbg->data.ctr;  in drbg_ctr_generate()  local
327         inc_128(ctr);  in drbg_ctr_generate()
340     inc_128(ctr);  in drbg_ctr_generate()
343         inc_128(ctr);  in drbg_ctr_generate()
353         if (!EVP_CipherInit_ex(ctr->ctx_ctr,  in drbg_ctr_generate()
354                                NULL, NULL, NULL, ctr->V, -1))  in drbg_ctr_generate()
367         ctr32 = GETU32(ctr->V + 12) + blocks;  in drbg_ctr_generate()
375             ctr96_inc(ctr->V);  in drbg_ctr_generate()
377         PUTU32(ctr->V + 12, ctr32);  in drbg_ctr_generate()
379         if (!EVP_CipherUpdate(ctr->ctx_ctr, out, &outl, out, buflen)  in drbg_ctr_generate()
394     EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ecb);  in drbg_ctr_uninstantiate()
395     EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ctr);  in drbg_ctr_uninstantiate()
396     EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df);  in drbg_ctr_uninstantiate()
397     OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr));  in drbg_ctr_uninstantiate()
410     RAND_DRBG_CTR *ctr = &drbg->data.ctr;  in drbg_ctr_init()  local
419         ctr->cipher_ecb = EVP_aes_128_ecb();  in drbg_ctr_init()
420         ctr->cipher_ctr = EVP_aes_128_ctr();  in drbg_ctr_init()
424         ctr->cipher_ecb = EVP_aes_192_ecb();  in drbg_ctr_init()
425         ctr->cipher_ctr = EVP_aes_192_ctr();  in drbg_ctr_init()
429         ctr->cipher_ecb = EVP_aes_256_ecb();  in drbg_ctr_init()
430         ctr->cipher_ctr = EVP_aes_256_ctr();  in drbg_ctr_init()
436     ctr->keylen = keylen;  in drbg_ctr_init()
437     if (ctr->ctx_ecb == NULL)  in drbg_ctr_init()
438         ctr->ctx_ecb = EVP_CIPHER_CTX_new();  in drbg_ctr_init()
439     if (ctr->ctx_ctr == NULL)  in drbg_ctr_init()
440         ctr->ctx_ctr = EVP_CIPHER_CTX_new();  in drbg_ctr_init()
441     if (ctr->ctx_ecb == NULL || ctr->ctx_ctr == NULL  in drbg_ctr_init()
442         || !EVP_CipherInit_ex(ctr->ctx_ecb,  in drbg_ctr_init()
443                               ctr->cipher_ecb, NULL, NULL, NULL, 1)  in drbg_ctr_init()
444         || !EVP_CipherInit_ex(ctr->ctx_ctr,  in drbg_ctr_init()
445                               ctr->cipher_ctr, NULL, NULL, NULL, 1))  in drbg_ctr_init()
461         if (ctr->ctx_df == NULL)  in drbg_ctr_init()
462             ctr->ctx_df = EVP_CIPHER_CTX_new();  in drbg_ctr_init()
463         if (ctr->ctx_df == NULL)  in drbg_ctr_init()
466         if (!EVP_CipherInit_ex(ctr->ctx_df,  in drbg_ctr_init()
467                                ctr->cipher_ecb, NULL, df_key, NULL, 1))  in drbg_ctr_init()
470         drbg->min_entropylen = ctr->keylen;  in drbg_ctr_init()