[IPSEC] esp: Defer output IV initialization to first use.

First of all, if the xfrm_state only gets used for input
packets this entropy is a complete waste.

Secondly, it is often the case that a configuration loads
many rules (perhaps even dynamically) and they don't all
necessarily ever get used.

This get_random_bytes() call was showing up in the profiles
for xfrm_state inserts which is how I noticed this.

Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 3 insertions, 2 deletions

diff --git a/include/net/esp.h b/include/net/esp.h
index 064366d66eea..713d039f4af7 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -15,13 +15,14 @@ struct esp_data
         struct {
                 u8                      *key;           /* Key */
                 int                     key_len;        /* Key length */
-                u8                      *ivec;          /* ivec buffer */
+                int                     padlen;         /* 0..255 */
                 /* ivlen is offset from enc_data, where encrypted data start.
                  * It is logically different of crypto_tfm_alg_ivsize(tfm).
                  * We assume that it is either zero (no ivec), or
                  * >= crypto_tfm_alg_ivsize(tfm). */
                 int                     ivlen;
-                int                     padlen;         /* 0..255 */
+                int                     ivinitted;
+                u8                      *ivec;          /* ivec buffer */
                 struct crypto_blkcipher *tfm;           /* crypto handle */
         } conf;