From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id 737F3377C for ; Wed, 25 May 2016 15:29:34 +0200 (CEST)
Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga101.fm.intel.com with ESMTP; 25 May 2016 06:29:33 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.26,364,1459839600"; d="scan'208";a="984429647"
Received: from gklab-246-018.igk.intel.com (HELO stargo) ([10.217.246.18]) by orsmga002.jf.intel.com with SMTP; 25 May 2016 06:29:31 -0700
Received: by stargo (sSMTP sendmail emulation); Wed, 25 May 2016 15:35:01 +0200
From: Piotr Azarewicz
To: dev@dpdk.org, declan.doherty@intel.com
Cc: Piotr Azarewicz
Date: Wed, 25 May 2016 15:34:52 +0200
Message-Id: <1464183292-24280-1-git-send-email-piotrx.t.azarewicz@intel.com>
X-Mailer: git-send-email 1.9.1
Subject: [dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 25 May 2016 13:29:34 -0000

This patch improves generate_random_key() function by replacing rand() function with reading from /dev/urandom.

CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
dont_call: rand should not be used for security related applications, as linear congruential algorithms are too easy to break

Coverity issue: 120136

Signed-off-by: Piotr Azarewicz
--- examples/l2fwd-crypto/main.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c index d18c813..e1f0a1e 100644 --- a/examples/l2fwd-crypto/main.c +++ b/examples/l2fwd-crypto/main.c @@ -45,6 +45,8 @@ #include #include #include +#include +#include #include #include 
@@ -581,10 +583,18 @@ l2fwd_simple_forward(struct rte_mbuf *m, unsigned portid) static void generate_random_key(uint8_t *key, unsigned length) { - unsigned i; + int fd; + int ret; + + fd = open("/dev/urandom", O_RDONLY); + if (fd < 0) + rte_exit(EXIT_FAILURE, "Failed to generate random key\n"); - for (i = 0; i < length; i++) - key[i] = rand() % 0xff; + ret = read(fd, key, length); + close(fd); + + if (ret != (signed)length) + rte_exit(EXIT_FAILURE, "Failed to generate random key\n"); } static struct rte_cryptodev_sym_session * @@ -1180,8 +1190,6 @@ l2fwd_crypto_parse_timer_period(struct l2fwd_crypto_options *options, static void l2fwd_crypto_default_options(struct l2fwd_crypto_options *options) { - srand(time(NULL)); - options->portmask = 0xffffffff; options->nb_ports_per_lcore = 1; options->refresh_period = 10000; -- 1.7.9.5
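Review bot: In the generate_random_key() hunk, `ret = read(fd, key, length);` followed by `if (ret != (signed)length)` treats a short read or a read interrupted by a signal (EINTR) as a fatal error, and it stores the ssize_t result of read() in an int while casting the unsigned length to signed. Suggest declaring ret as ssize_t and looping until length bytes have been read, retrying on EINTR, before falling back to rte_exit(). Both rte_exit() calls also use the same text, "Failed to generate random key\n", so a failed open of /dev/urandom cannot be told apart from a failed read; separate messages that include strerror(errno) would help, with errno saved before close(fd) since close() runs ahead of the check.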
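Review bot: In the l2fwd_crypto_default_options() hunk, removing `srand(time(NULL));` is only correct if no rand() call remains anywhere in main.c, and this patch shows only the one in generate_random_key() being replaced. Please confirm there are no other callers that would now run unseeded, and say so in the commit message. If time() was used only for this seed, check whether the include that served it can be dropped in the same patch.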