From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <piotrx.t.azarewicz@intel.com>
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 by dpdk.org (Postfix) with ESMTP id 737F3377C
 for <dev@dpdk.org>; Wed, 25 May 2016 15:29:34 +0200 (CEST)
Received: from orsmga002.jf.intel.com ([10.7.209.21])
 by fmsmga101.fm.intel.com with ESMTP; 25 May 2016 06:29:33 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.26,364,1459839600"; d="scan'208";a="984429647"
Received: from gklab-246-018.igk.intel.com (HELO stargo) ([10.217.246.18])
 by orsmga002.jf.intel.com with SMTP; 25 May 2016 06:29:31 -0700
Received: by stargo (sSMTP sendmail emulation); Wed, 25 May 2016 15:35:01 +0200
From: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
To: dev@dpdk.org,
	declan.doherty@intel.com
Cc: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Date: Wed, 25 May 2016 15:34:52 +0200
Message-Id: <1464183292-24280-1-git-send-email-piotrx.t.azarewicz@intel.com>
X-Mailer: git-send-email 1.9.1
Subject: [dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key
	generator
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Wed, 25 May 2016 13:29:34 -0000

This patch improve generate_random_key() function by replacing rand()
function with reading from /dev/urandom.

CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
dont_call: rand should not be used for security related applications, as
linear congruential algorithms are too easy to break

Coverity issue: 120136

Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
---
 examples/l2fwd-crypto/main.c |   18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index d18c813..e1f0a1e 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -45,6 +45,8 @@
 #include <ctype.h>
 #include <errno.h>
 #include <getopt.h>
+#include <fcntl.h>
+#include <unistd.h>
 
 #include <rte_atomic.h>
 #include <rte_branch_prediction.h>
@@ -581,10 +583,18 @@ l2fwd_simple_forward(struct rte_mbuf *m, unsigned portid)
 static void
 generate_random_key(uint8_t *key, unsigned length)
 {
-	unsigned i;
+	int fd;
+	int ret;
+
+	fd = open("/dev/urandom", O_RDONLY);
+	if (fd < 0)
+		rte_exit(EXIT_FAILURE, "Failed to generate random key\n");
 
-	for (i = 0; i < length; i++)
-		key[i] = rand() % 0xff;
+	ret = read(fd, key, length);
+	close(fd);
+
+	if (ret != (signed)length)
+		rte_exit(EXIT_FAILURE, "Failed to generate random key\n");
 }
 
 static struct rte_cryptodev_sym_session *
@@ -1180,8 +1190,6 @@ l2fwd_crypto_parse_timer_period(struct l2fwd_crypto_options *options,
 static void
 l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 {
-	srand(time(NULL));
-
 	options->portmask = 0xffffffff;
 	options->nb_ports_per_lcore = 1;
 	options->refresh_period = 10000;
-- 
1.7.9.5