From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id 3B422376D for ; Wed, 13 Jul 2016 18:00:24 +0200 (CEST) Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga101.fm.intel.com with ESMTP; 13 Jul 2016 09:00:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.28,357,1464678000"; d="scan'208";a="1006105884" Received: from dwdohert-dpdk.ir.intel.com ([163.33.210.152]) by fmsmga001.fm.intel.com with ESMTP; 13 Jul 2016 09:00:15 -0700 To: Piotr Azarewicz , dev@dpdk.org References: <1464183292-24280-1-git-send-email-piotrx.t.azarewicz@intel.com> From: Declan Doherty Message-ID: <592ce77e-576f-d17d-d0b6-c9caed081c3c@intel.com> Date: Wed, 13 Jul 2016 16:55:43 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: <1464183292-24280-1-git-send-email-piotrx.t.azarewicz@intel.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jul 2016 16:00:25 -0000 On 05/25/2016 02:34 PM, Piotr Azarewicz wrote: > This patch improve generate_random_key() function by replacing rand() > function with reading from /dev/urandom. > > CID 120136 : Calling risky function (DC.WEAK_CRYPTO) > dont_call: rand should not be used for security related applications, as > linear congruential algorithms are too easy to break > > Coverity issue: 120136 > > Signed-off-by: Piotr Azarewicz > --- > examples/l2fwd-crypto/main.c | 18 +++++++++++++----- > 1 file changed, 13 insertions(+), 5 deletions(-) > > diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c > index d18c813..e1f0a1e 100644 > --- a/examples/l2fwd-crypto/main.c > +++ b/examples/l2fwd-crypto/main.c > @@ -45,6 +45,8 @@ > #include > #include > #include > +#include > +#include > > #include > #include > @@ -581,10 +583,18 @@ l2fwd_simple_forward(struct rte_mbuf *m, unsigned portid) > static void > generate_random_key(uint8_t *key, unsigned length) > { > - unsigned i; > + int fd; > + int ret; > + > + fd = open("/dev/urandom", O_RDONLY); > + if (fd < 0) > + rte_exit(EXIT_FAILURE, "Failed to generate random key\n"); > > - for (i = 0; i < length; i++) > - key[i] = rand() % 0xff; > + ret = read(fd, key, length); > + close(fd); > + > + if (ret != (signed)length) > + rte_exit(EXIT_FAILURE, "Failed to generate random key\n"); > } > > static struct rte_cryptodev_sym_session * > @@ -1180,8 +1190,6 @@ l2fwd_crypto_parse_timer_period(struct l2fwd_crypto_options *options, > static void > l2fwd_crypto_default_options(struct l2fwd_crypto_options *options) > { > - srand(time(NULL)); > - > options->portmask = 0xffffffff; > options->nb_ports_per_lcore = 1; > options->refresh_period = 10000; > Acked-by: Declan Doherty