On Thursday, 2 June 2016, 17:42:11, Herbert Xu wrote:

Hi Herbert,

> On Thu, Jun 02, 2016 at 11:31:22AM +0200, Stephan Mueller wrote:
> > The skcipher API, however, wants to encrypt an entire input data stream.
> > That means the skcipher API requires the length of the input data stream
> > to generate an equally sized output data stream. But that is not what we
> > have here -- there is no input data. I.e. the skcipher API invokes the
> > CTR mode for the stream cipher and performs the final XOR of the CTR
> > stream with the input data.
>
> Just use an input stream of zeros.

I am working on it. During the analysis, I saw, however, that the DRBG
increments the counter before the encryption whereas the CTR mode
increments it after the encryption. I could of course adjust the handling
in the code, but this would be a real hack IMHO.

Ciao
Stephan
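The counter-ordering difference described in the message above, as an added example that is not part of the original mail or of the kernel code: it compares a DRBG-style generate loop (increment, then encrypt) with CTR mode over an all-zero input (encrypt, then increment). Assumptions: `toy_encrypt` is a constructed stand-in for AES, not a real cipher, and every function name, the key and the value of V are hypothetical.

```c
#include <stdint.h>
#include <string.h>
#define BLK 16

/* Stand-in for AES (NOT a real cipher); only the counter ordering matters. */
static void toy_encrypt(const uint8_t *key, const uint8_t *in, uint8_t *out) {
    uint32_t h = 2166136261u;
    for (int i = 0; i < BLK; i++)
        h = (h ^ key[i] ^ ((uint32_t)in[i] << 8)) * 16777619u;
    for (int i = 0; i < BLK; i++)
        out[i] = (uint8_t)((h = (h ^ (uint32_t)i) * 16777619u) >> 24);
}

/* Big-endian increment of the 128-bit counter block. */
static void ctr_inc(uint8_t *v) {
    for (int i = BLK - 1; i >= 0 && ++v[i] == 0; i--)
        ;
}

/* DRBG-style generate loop: increment V first, then encrypt it. */
static void drbg_generate(const uint8_t *key, uint8_t *v, uint8_t *out, int n) {
    for (int b = 0; b < n; b++, out += BLK) {
        ctr_inc(v);
        toy_encrypt(key, v, out);
    }
}

/* CTR mode: encrypt the counter, XOR with the input, then increment. */
static void ctr_crypt(const uint8_t *key, uint8_t *ctr, const uint8_t *in,
                      uint8_t *out, int n) {
    uint8_t ks[BLK];
    for (int b = 0; b < n; b++, in += BLK, out += BLK) {
        toy_encrypt(key, ctr, ks);
        for (int i = 0; i < BLK; i++)
            out[i] = in[i] ^ ks[i];
        ctr_inc(ctr);
    }
}

/* Returns 1 if CTR over zeros reproduces the DRBG output; IV = V + iv_offset. */
int ctr_matches_drbg(int iv_offset) {
    uint8_t key[BLK] = "constructed key", v[BLK], iv[BLK];
    uint8_t zeros[3 * BLK] = {0}, a[3 * BLK], b[3 * BLK];
    memset(v, 0xff, BLK);              /* constructed V, wraps on increment */
    memcpy(iv, v, BLK);
    while (iv_offset-- > 0)
        ctr_inc(iv);
    drbg_generate(key, v, a, 3);
    ctr_crypt(key, iv, zeros, b, 3);
    return memcmp(a, b, sizeof(a)) == 0;
}
```

With the IV set to V the two outputs differ; with the IV set to V + 1 they are identical, and the counter that CTR mode leaves behind is then one ahead of the DRBG's V.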