On Thu, Jun 02, 2016 at 05:12:20PM +0200, Stephan Mueller wrote: > > The KDFs are usually used for output sizes between one and 4 keys. So, > commonly it is expected that not more than 200 or 300 bytes are generated by > one call. But you cannot be sure how much data a user wants. The spec allows > that the user generates up to 2^50 or so bytes. The implementation I offer is > limited to unsigned int bytes. > > Note, if one would implement a key ladder, it can be expected that many keys > are generated from one KDF seed. > > I tried to avoid memcpy for speed purposes. And all the user needs to do is to > not invoke an in-place crypto operation. > > Maybe I should copy the input data into a private memory location so that the > KDF can be used like any other cipher: the caller uses a reference to the > instance to generate data where the caller does not need to ensure that some > initial data must be left at some specific place. OK. I don't think the RNG API really guarantees that you can do in-place generation anyway. So don't even bother checking for src == dst. When you submit this again can you please send it along with a user? Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html