On Tue, Jan 26, 2016 at 07:20:59AM +0100, Stephan Mueller wrote:
> > +/* > + * Implementation of the KDF in counter mode according to SP800-108 section 5.1. > + * > + * The caller must provide Label || 0x00 || Context in src. This src pointer > + * may also be NULL if the caller wishes not to provide anything. > + */ > +static int crypto_kdf_ctr_random(struct crypto_rng *rng, > + const u8 *src, unsigned int slen, > + u8 *dst, unsigned int dlen) > +{ > + struct crypto_kdf_ctx *ctx = crypto_tfm_ctx(crypto_rng_tfm(rng)); > + struct shash_desc *desc = &ctx->shash; > + unsigned int h = crypto_shash_digestsize(desc->tfm); > + int err = 0; > + u8 *dst_orig = dst; > + u32 i = 1; > + u8 iteration[sizeof(u32)]; > + > + /* enforce the note from above */ > + if (dlen != h && src == dst) > + return -EINVAL;

Why is this an RNG? It always produces exactly h bytes so it looks like a hash function to me, no?

Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
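
Review bot: The check `if (dlen != h && src == dst)` at the end of the quoted hunk is commented as enforcing "the note from above", but the function comment shown in the hunk only describes the Label || 0x00 || Context layout and the NULL case; it says nothing about src and dst aliasing or about dlen having to equal the digest size in that case. State the in-place rule in that comment block, next to the description of src, so callers can see the constraint that produces -EINVAL. The test also matches only exact pointer equality: a dst that overlaps src at a different offset passes it, so either compare the two ranges using slen and dlen or document that exact aliasing is the only in-place form supported.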