From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <slawomirx.mrozowicz@intel.com>
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by dpdk.org (Postfix) with ESMTP id EFFFB9A9A
 for <dev@dpdk.org>; Tue,  7 Jun 2016 15:17:47 +0200 (CEST)
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
 by orsmga101.jf.intel.com with ESMTP; 07 Jun 2016 06:17:01 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.26,433,1459839600"; d="scan'208";a="715233659"
Received: from irsmsx153.ger.corp.intel.com ([163.33.192.75])
 by FMSMGA003.fm.intel.com with ESMTP; 07 Jun 2016 06:17:00 -0700
Received: from irsmsx103.ger.corp.intel.com ([169.254.3.240]) by
 IRSMSX153.ger.corp.intel.com ([169.254.9.105]) with mapi id 14.03.0248.002;
 Tue, 7 Jun 2016 14:16:59 +0100
From: "Mrozowicz, SlawomirX" <slawomirx.mrozowicz@intel.com>
To: "Gonzalez Monroy, Sergio" <sergio.gonzalez.monroy@intel.com>
CC: "dev@dpdk.org" <dev@dpdk.org>
Thread-Topic: [PATCH] examples/ipsec-secgw: Calling risky function
Thread-Index: AQHRwJKvf6b+LMOt3Eq/g3152qIfgp/dl5cAgABkPsA=
Date: Tue, 7 Jun 2016 13:16:59 +0000
Message-ID: <158888A50F43E34AAE179517F56C97455BBA95@IRSMSX103.ger.corp.intel.com>
References: <1465289886-14479-1-git-send-email-slawomirx.mrozowicz@intel.com>
 <48bb7dd9-a8cb-167a-ce7c-868427be578b@intel.com>
In-Reply-To: <48bb7dd9-a8cb-167a-ce7c-868427be578b@intel.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [163.33.239.181]
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: Calling risky function
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jun 2016 13:17:48 -0000


>-----Original Message-----
>From: Gonzalez Monroy, Sergio
>Sent: Tuesday, June 7, 2016 10:15 AM
>To: Mrozowicz, SlawomirX <slawomirx.mrozowicz@intel.com>
>Cc: dev@dpdk.org
>Subject: Re: [PATCH] examples/ipsec-secgw: Calling risky function
>
>On 07/06/2016 09:58, Slawomir Mrozowicz wrote:
>> lrand48 should not be used for security related applications, as
>> linear congruential algorithms are too easy to break.
>> Used a compliant random number generator /dev/urandom.
>>
>> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample
>> application") Coverity ID 124558
>>
>> Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
>> ---
>
>I understand that lrand48 is not crypto secure, but this fix will kill per=
formance.
>
>I already have a solution for this issue to be included in the next IPSec =
patch
>set that will also add support for GCM/CTR modes.
>
>Sergio

Thanks for your reply.
So for now I propose to set this problem as intentional in the Coverity too=
l.

S=B3awomir