lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 24 May 2007 17:15:30 -0700
From:	Mark Huth <>
To:	Herbert Xu <>
Subject: Re: [PATCH][af_key]pfkey_add: Optimize SA adds and algorithm probes

Herbert Xu wrote:
> On Fri, May 18, 2007 at 02:34:12PM +1000, Herbert Xu wrote:
>> Actually, I think we should just probe for the specific algorithm
>> requested rather than everything.  See patch below.
> Doh, forgot to actually remove the probe call :)
> [IPSEC] pfkey: Load specific algorithm in pfkey_add rather than all
> This is a natural extension of the changeset
>     [XFRM]: Probe selected algorithm only.
> which only removed the probe call for xfrm_user.  This patch does exactly
> the same thing for af_key.  In other words, we load the algorithm requested
> by the user rather than everything when adding xfrm states in af_key.
> Signed-off-by: Herbert Xu <>
> Cheers,

[... snip]


I can verify that this works.  The test adds 2000 instances of SAs using
hmac-md5 for authentication and rijndael-cbc for encryption.
Test output is:

root@....168.150.94:~# lsmod
Module                  Size  Used by
root@....168.150.94:~#time setkey -f SA_test.txt

real    0m1.072s
user    0m0.048s
sys     0m0.632s
Module                  Size  Used by
twofish                10112  0
twofish_common         40192  1 twofish
camellia               32768  0
serpent                25216  0
blowfish                9984  0
ecb                     3712  0
aes                    28864  2000
xcbc                    5768  0
sha256                 12416  0
crypto_null             3456  0


Prior to the patch time was over 42 seconds (possibly longer on 2.6.21).

I'm a bit curious why all of the crypto modules got loaded, but it 
doesn't matter.

Thanks for the patch.

Mark Huth
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists