As I'm working on a back-end driver to plug into /dev/crypto, I'm
wondering if there's any intended size limit for the data block passed
with a CIOCCRYPT operation, or, at another layer, passed into the back
end as crp->crp_ilen. The existing drivers seem to just return ENOMEM
if they, say, run out of scatter-gather descriptors for the underlying
hardware, and the layer above it just passes that back to
userland. This means that some chunks of a given size will work and
some won't, depending on their offset within a page, whether the pages
happen to be physically contiguous, and so on.

Is this deliberate? Should the pseudo-device be helping out here and
breaking down requests into multiple passes if the back-end can't
handle, say, 128k at once? Or should there just be some
guaranteed-minimum documented for the ioctl that's within the
capabilities of all reasonable hardware?

        - Nathan