[IPSEC] esp: Defer output IV initialization to first use.

First of all, if the xfrm_state only gets used for input packets this entropy is a complete waste. Secondly, it is often the case that a configuration loads many rules (perhaps even dynamically) and they don't all necessarily ever get used. This get_random_bytes() call was showing up in the profiles for xfrm_state inserts which is how I noticed this. Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2006-09-23 02:17:35 +0400
committer: David S. Miller <davem@davemloft.net> 2006-09-23 02:17:35 +0400
commit: e4bec827feda76d5e7417a2696a75424834d564f (patch)
tree: bd899e0c2fbf7f6dd1d33ce0610d88fc4a8864ee /include/net/esp.h
parent: 44e36b42a8378be1dcf7e6f8a1cb2710a8903387 (diff)
download: linux-e4bec827feda76d5e7417a2696a75424834d564f.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/include/net/esp.h b/include/net/esp.h
index 064366d66eea..713d039f4af7 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -15,13 +15,14 @@ struct esp_data
 	struct {
 		u8			*key;		/* Key */
 		int			key_len;	/* Key length */
-		u8			*ivec;		/* ivec buffer */
+		int			padlen;		/* 0..255 */
 		/* ivlen is offset from enc_data, where encrypted data start.
 		 * It is logically different of crypto_tfm_alg_ivsize(tfm).
 		 * We assume that it is either zero (no ivec), or
 		 * >= crypto_tfm_alg_ivsize(tfm). */
 		int			ivlen;
-		int			padlen;		/* 0..255 */
+		int			ivinitted;
+		u8			*ivec;		/* ivec buffer */
 		struct crypto_blkcipher	*tfm;		/* crypto handle */
 	} conf;
author	David S. Miller <davem@davemloft.net>	2006-09-23 02:17:35 +0400
committer	David S. Miller <davem@davemloft.net>	2006-09-23 02:17:35 +0400
commit	e4bec827feda76d5e7417a2696a75424834d564f (patch)
tree	bd899e0c2fbf7f6dd1d33ce0610d88fc4a8864ee /include/net/esp.h
parent	44e36b42a8378be1dcf7e6f8a1cb2710a8903387 (diff)
download	linux-e4bec827feda76d5e7417a2696a75424834d564f.tar.xz