[IPSEC] esp: Defer output IV initialization to first use.

First of all, if the xfrm_state only gets used for input
packets this entropy is a complete waste.

Secondly, it is often the case that a configuration loads
many rules (perhaps even dynamically) and they don't all
necessarily ever get used.

This get_random_bytes() call was showing up in the profiles
for xfrm_state inserts which is how I noticed this.

Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/esp.h b/include/net/esp.h
index 064366d66eead993061d9752958b2d4ee739e3c1..713d039f4af7a61fc59b97d1d0f7c7c22b375dcd 100644 (file)
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -15,13 +15,14 @@ struct esp_data
        struct {
                u8                      *key;           /* Key */
                int                     key_len;        /* Key length */
-               u8                      *ivec;          /* ivec buffer */
+               int                     padlen;         /* 0..255 */
                /* ivlen is offset from enc_data, where encrypted data start.
                 * It is logically different of crypto_tfm_alg_ivsize(tfm).
                 * We assume that it is either zero (no ivec), or
                 * >= crypto_tfm_alg_ivsize(tfm). */
                int                     ivlen;
-               int                     padlen;         /* 0..255 */
+               int                     ivinitted;
+               u8                      *ivec;          /* ivec buffer */
                struct crypto_blkcipher *tfm;           /* crypto handle */
        } conf;
 

diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index e87377e1d6b64cd299a215ee32d60a9d139a317d..13b29360d102f1c463fce57d4d24992a6117ba27 100644 (file)
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -95,8 +95,13 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
        esph->seq_no = htonl(++x->replay.oseq);
        xfrm_aevent_doreplay(x);
 
-       if (esp->conf.ivlen)
+       if (esp->conf.ivlen) {
+               if (unlikely(!esp->conf.ivinitted)) {
+                       get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
+                       esp->conf.ivinitted = 1;
+               }
                crypto_blkcipher_set_iv(tfm, esp->conf.ivec, esp->conf.ivlen);
+       }
 
        do {
                struct scatterlist *sg = &esp->sgbuf[0];
@@ -378,7 +383,7 @@ static int esp_init_state(struct xfrm_state *x)
                esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL);
                if (unlikely(esp->conf.ivec == NULL))
                        goto error;
-               get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
+               esp->conf.ivinitted = 0;
        }
        if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
                goto error;

diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index ae50b95111510cb2c978fd93d0ffa0a69fc1d93d..e78680a9985b2cf86a1b6671c1a73a258973a57c 100644 (file)
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -99,8 +99,13 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
        esph->seq_no = htonl(++x->replay.oseq);
        xfrm_aevent_doreplay(x);
 
-       if (esp->conf.ivlen)
+       if (esp->conf.ivlen) {
+               if (unlikely(!esp->conf.ivinitted)) {
+                       get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
+                       esp->conf.ivinitted = 1;
+               }
                crypto_blkcipher_set_iv(tfm, esp->conf.ivec, esp->conf.ivlen);
+       }
 
        do {
                struct scatterlist *sg = &esp->sgbuf[0];
@@ -353,7 +358,7 @@ static int esp6_init_state(struct xfrm_state *x)
                esp->conf.ivec = kmalloc(esp->conf.ivlen, GFP_KERNEL);
                if (unlikely(esp->conf.ivec == NULL))
                        goto error;
-               get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
+               esp->conf.ivinitted = 0;
        }
        if (crypto_blkcipher_setkey(tfm, esp->conf.key, esp->conf.key_len))
                goto error;