examples/l2fwd-crypto: improve random key generator

This patch improve generate_random_key() function by replacing rand()
function with reading from /dev/urandom.

CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
dont_call: rand should not be used for security related applications, as
linear congruential algorithms are too easy to break

Coverity issue: 120136

Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index a1ce712..dd39cc1 100644 (file)
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -45,6 +45,8 @@
 #include <ctype.h>
 #include <errno.h>
 #include <getopt.h>
+#include <fcntl.h>
+#include <unistd.h>
 
 #include <rte_atomic.h>
 #include <rte_branch_prediction.h>
@@ -588,10 +590,18 @@ l2fwd_simple_forward(struct rte_mbuf *m, unsigned portid)
 static void
 generate_random_key(uint8_t *key, unsigned length)
 {
-       unsigned i;
+       int fd;
+       int ret;
+
+       fd = open("/dev/urandom", O_RDONLY);
+       if (fd < 0)
+               rte_exit(EXIT_FAILURE, "Failed to generate random key\n");
 
-       for (i = 0; i < length; i++)
-               key[i] = rand() % 0xff;
+       ret = read(fd, key, length);
+       close(fd);
+
+       if (ret != (signed)length)
+               rte_exit(EXIT_FAILURE, "Failed to generate random key\n");
 }
 
 static struct rte_cryptodev_sym_session *
@@ -1195,8 +1205,6 @@ l2fwd_crypto_parse_timer_period(struct l2fwd_crypto_options *options,
 static void
 l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 {
-       srand(time(NULL));
-
        options->portmask = 0xffffffff;
        options->nb_ports_per_lcore = 1;
        options->refresh_period = 10000;