diff options
author | David S. Miller <davem@davemloft.net> | 2006-09-22 18:17:35 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-09-22 18:17:35 -0400 |
commit | e4bec827feda76d5e7417a2696a75424834d564f (patch) | |
tree | bd899e0c2fbf7f6dd1d33ce0610d88fc4a8864ee /include/net/esp.h | |
parent | 44e36b42a8378be1dcf7e6f8a1cb2710a8903387 (diff) |
[IPSEC] esp: Defer output IV initialization to first use.
First of all, if the xfrm_state only gets used for input
packets this entropy is a complete waste.
Secondly, it is often the case that a configuration loads
many rules (perhaps even dynamically) and they don't all
necessarily ever get used.
This get_random_bytes() call was showing up in the profiles
for xfrm_state inserts which is how I noticed this.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/esp.h')
-rw-r--r-- | include/net/esp.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/include/net/esp.h b/include/net/esp.h index 064366d66eea..713d039f4af7 100644 --- a/include/net/esp.h +++ b/include/net/esp.h | |||
@@ -15,13 +15,14 @@ struct esp_data | |||
15 | struct { | 15 | struct { |
16 | u8 *key; /* Key */ | 16 | u8 *key; /* Key */ |
17 | int key_len; /* Key length */ | 17 | int key_len; /* Key length */ |
18 | u8 *ivec; /* ivec buffer */ | 18 | int padlen; /* 0..255 */ |
19 | /* ivlen is offset from enc_data, where encrypted data start. | 19 | /* ivlen is offset from enc_data, where encrypted data start. |
20 | * It is logically different of crypto_tfm_alg_ivsize(tfm). | 20 | * It is logically different of crypto_tfm_alg_ivsize(tfm). |
21 | * We assume that it is either zero (no ivec), or | 21 | * We assume that it is either zero (no ivec), or |
22 | * >= crypto_tfm_alg_ivsize(tfm). */ | 22 | * >= crypto_tfm_alg_ivsize(tfm). */ |
23 | int ivlen; | 23 | int ivlen; |
24 | int padlen; /* 0..255 */ | 24 | int ivinitted; |
25 | u8 *ivec; /* ivec buffer */ | ||
25 | struct crypto_blkcipher *tfm; /* crypto handle */ | 26 | struct crypto_blkcipher *tfm; /* crypto handle */ |
26 | } conf; | 27 | } conf; |
27 | 28 | ||