The crypto akcipher interface has exactly one user, the keyring subsystem. That user only deals with kernel pointers, not SG lists. Therefore the use of SG lists in the akcipher interface is completely pointless. As there is only one user, changing it isn't that hard. This patch series is a first step in that direction. It introduces a new interface for encryption and decryption without SG lists: int crypto_akcipher_sync_encrypt(struct crypto_akcipher *tfm, const void *src, unsigned int slen, void *dst, unsigned int dlen); int crypto_akcipher_sync_decrypt(struct crypto_akcipher *tfm, const void *src, unsigned int slen, void *dst, unsigned int dlen); I've decided to split out signing and verification because most (all but one) of our signature algorithms do not support encryption or decryption. These can now be accessed through the dsa interface: int crypto_dsa_sign(struct crypto_dsa *tfm, const void *src, unsigned int slen, void *dst, unsigned int dlen); int crypto_dsa_verify(struct crypto_dsa *tfm, const void *src, unsigned int slen, const void *digest, unsigned int dlen); The keyring system has been converted to this interface. The next step would be to convert the code within the Crypto API so that SG lists are not used at all on the software path. This would eliminate the unnecessary copying that currently happens. Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt