That would probably require one more parameter to cin_encrypt/cia_decrypt, something like "nblocks" which currently is always 1 and one more struct crypto_alg field that would help upper level to decide how many blocks it can safely encrypt/decrypt() at a time before crypto_yield(). This value depends on algorithm speed and should be chosen to make overhead smaller. It could be > 1 even for fast block ciphers and should be > 1 for stream ciphers.Is there any better way to use crypto api for arc4 or similar ciphers? Cipher block size is not always a natural choice for the crypto_yield(). Especially for fast ciphers (arc4) and small "block" sizes (arc4 again).
ARC4 is a bit strange because it's a stream cipher. I guess we could add another encryption mode 'stream' which is optimized for one byte at a time operation.
- James