aboutsummaryrefslogtreecommitdiffstats
path: root/include/net/esp.h
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2006-09-22 18:17:35 -0400
committerDavid S. Miller <davem@davemloft.net>2006-09-22 18:17:35 -0400
commite4bec827feda76d5e7417a2696a75424834d564f (patch)
treebd899e0c2fbf7f6dd1d33ce0610d88fc4a8864ee /include/net/esp.h
parent44e36b42a8378be1dcf7e6f8a1cb2710a8903387 (diff)
[IPSEC] esp: Defer output IV initialization to first use.
First of all, if the xfrm_state only gets used for input packets this entropy is a complete waste. Secondly, it is often the case that a configuration loads many rules (perhaps even dynamically) and they don't all necessarily ever get used. This get_random_bytes() call was showing up in the profiles for xfrm_state inserts which is how I noticed this. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/esp.h')
-rw-r--r--include/net/esp.h5
1 files changed, 3 insertions, 2 deletions
diff --git a/include/net/esp.h b/include/net/esp.h
index 064366d66eea..713d039f4af7 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -15,13 +15,14 @@ struct esp_data
15 struct { 15 struct {
16 u8 *key; /* Key */ 16 u8 *key; /* Key */
17 int key_len; /* Key length */ 17 int key_len; /* Key length */
18 u8 *ivec; /* ivec buffer */ 18 int padlen; /* 0..255 */
19 /* ivlen is offset from enc_data, where encrypted data start. 19 /* ivlen is offset from enc_data, where encrypted data start.
20 * It is logically different of crypto_tfm_alg_ivsize(tfm). 20 * It is logically different of crypto_tfm_alg_ivsize(tfm).
21 * We assume that it is either zero (no ivec), or 21 * We assume that it is either zero (no ivec), or
22 * >= crypto_tfm_alg_ivsize(tfm). */ 22 * >= crypto_tfm_alg_ivsize(tfm). */
23 int ivlen; 23 int ivlen;
24 int padlen; /* 0..255 */ 24 int ivinitted;
25 u8 *ivec; /* ivec buffer */
25 struct crypto_blkcipher *tfm; /* crypto handle */ 26 struct crypto_blkcipher *tfm; /* crypto handle */
26 } conf; 27 } conf;
27 28