From: Declan Doherty
To: Thomas Monjalon
Cc: "Azarewicz, PiotrX T", dev@dpdk.org
Date: Wed, 13 Jul 2016 16:54:18 +0100
Subject: Re: [dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator
Message-ID: <8e1ab920-576e-39dc-93c2-ef97b9f94a51@intel.com>
In-Reply-To: <1838303.IRcXQLJGt7@xps13>

On 07/11/2016 03:17 PM, Thomas Monjalon wrote:
> 2016-06-08 07:46, Azarewicz, PiotrX T:
>>> 2016-05-25 15:34, Piotr Azarewicz:
>>>> This patch improves generate_random_key() function by replacing rand()
>>>> function with reading from /dev/urandom.
>>>>
>>>> CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
>>>> dont_call: rand should not be used for security related applications,
>>>> as linear congruential algorithms are too easy to break
>>>>
>>>> Coverity issue: 120136
>>>>
>>>> Signed-off-by: Piotr Azarewicz
>>>
>>> Is it relevant for this example?
>>
>> Maybe not. But it doesn't break anything, and in the end makes the Coverity tool happy.
>>
>> Declan, please share your opinion.
>
> Declan?
>

Sorry, I missed this thread. While not strictly necessary for the example app, I don't see a problem applying it; as Coverity points out, it is a bad idea to use rand() for crypto purposes.

Declan
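
The change discussed in this thread, sketched as an added example (the patch itself is not shown on this page, and this is not DPDK code): key bytes are read from /dev/urandom instead of being produced by rand(), with short reads and EINTR handled and failure reported so a partially filled key is never used. The name and signature of fill_random_key() are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: fill key[0..length) from /dev/urandom.
 * Returns 0 on success, -1 on failure (the key must then not be used). */
int fill_random_key(uint8_t *key, size_t length)
{
	size_t done = 0;
	int fd;

	if (key == NULL)
		return -1;
	fd = open("/dev/urandom", O_RDONLY);
	if (fd < 0)
		return -1;

	while (done < length) {
		ssize_t n = read(fd, key + done, length - done);

		if (n > 0)
			done += (size_t)n;      /* short read: keep going */
		else if (n < 0 && errno == EINTR)
			continue;               /* interrupted by a signal: retry */
		else
			break;                  /* EOF or hard error */
	}
	close(fd);
	return done == length ? 0 : -1;
}

int main(void)
{
	uint8_t key[16];    /* constructed example size: a 128-bit key */

	if (fill_random_key(key, sizeof(key)) != 0) {
		fprintf(stderr, "cannot read /dev/urandom\n");
		return 1;
	}
	for (size_t i = 0; i < sizeof(key); i++)
		printf("%02x", key[i]);
	printf("\n");
	return 0;
}
```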