kcapi_cipher_stream_update - Man Page

send more data for processing (stream)


ssize_t kcapi_cipher_stream_update(struct kcapi_handle * handle, struct iovec * iov, size_t iovlen);



[in] cipher handle


[in] scatter/gather list with data to be processed by the cipher operation.


[in] number of scatter/gather list elements.


Using this function call, more plaintext for encryption or ciphertext for decryption can be submitted to the kernel.

This function may cause the caller to sleep if the kernel buffer holding the data is getting full. The process will be woken up once more buffer space becomes available by calling kcapi_cipher_stream_op.


with the separate API calls of kcapi_cipher_stream_update and kcapi_cipher_stream_op a multi-threaded application can be implemented where one thread sends data to be processed and one thread picks up data processed by the cipher operation.

Important Note

The kernel will only process sysconf(_SC_PAGESIZE) * ALG_MAX_PAGES at one time. If your input data is larger than this threshold, you MUST segment it into chunks of at most sysconf(_SC_PAGESIZE) * ALG_MAX_PAGES and invoke the kcapi_cipher_stream_update on that segment followed by kcapi_cipher_stream_op before the next chunk is processed. If this rule is not obeyed, the thread invoking kcapi_cipher_stream_update will be put to sleep until another thread invokes kcapi_cipher_stream_op.


The memory referenced by iov is not accessed by the kernel during this call. The memory is first accessed when kcapi_cipher_stream_op is called. Thus, you MUST make sure that the referenced memory is still present at the time kcapi_cipher_stream_op is called.

return number of bytes sent to the kernel upon success; a negative errno-style error code if an error occurred


Stephan Mueller <smueller@chronox.de>



July 2021 libkcapi Manual 1.3.1 Programming Interface