Chuck Lever III <chuck.lever@xxxxxxxxxx> wrote: > > int crypto_krb5_decrypt(const struct krb5_enctype *krb5, > > struct krb5_enc_keys *keys, > > struct scatterlist *sg, unsigned int nr_sg, > > So are we going to stick with struct scatterlist here, > or should it be rather an iterator of some kind? For my purposes, a scatterlist is more useful as I have an skbuff to work with - plus I have to pass a scatterlist into the crypto functions inside of the krb5 lib. > It's not clear why something like this would need to be > exposed to crypto/krb5 consumers. There are a few items > in here that XDR needs to know about (lengths and such) > but that kind of thing can be provided by a function > call rather than by having direct access to a structure. Fair point. In rxgk, I use key_len, key_bytes, block_len, cksum_len plus the name for procfs purposes. I also wonder if I need separate key_len and key_bytes if I'm not supporting DES (DES keys gets expanded IIRC). Also, some of the checks I'm doing could perhaps be moved into the krb5 lib. The krb5 selftest code makes use of more of the fields, but I guess that's internal to krb5lib. David