On Mon, Jul 14, 2025 at 06:05:29AM +0000, Jain, Harsh (AECG-SSW) wrote: > > There is hkdf.c and kdf_sp800108.c module, Both implements different NIST Specifications and DRBG derivative function represents different NIST Specification. > Moving it to hkdf.c may not be a best fit. How about adding new module for " crypto_drbg_ctr_df ()"? A new module is fine. > > You should also keep the drbg changes to a minimum. > > drbg_ctr_df() needs tfm, blocklen, statelen which is currently derived from struct drbg_state. > If I updated structure drbg_state, It needs code changes in HMAC as well. > To keep code changes minimum, I added required inputs as function arguments. > Do you have any other idea in mind? The existing drbg_ctr_df should become a wrapper around the new df function and all changes should be localised to it. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
