From: Piotr Azarewicz Date: Wed, 25 May 2016 13:34:52 +0000 (+0200) Subject: examples/l2fwd-crypto: improve random key generator X-Git-Tag: spdx-start~6149 X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=6dad6e692bd74ea8ade42dd3c8a27264027c659c;p=dpdk.git examples/l2fwd-crypto: improve random key generator This patch improve generate_random_key() function by replacing rand() function with reading from /dev/urandom. CID 120136 : Calling risky function (DC.WEAK_CRYPTO) dont_call: rand should not be used for security related applications, as linear congruential algorithms are too easy to break Coverity issue: 120136 Signed-off-by: Piotr Azarewicz Acked-by: Declan Doherty --- diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c index a1ce7127ed..dd39cc16c1 100644 --- a/examples/l2fwd-crypto/main.c +++ b/examples/l2fwd-crypto/main.c @@ -45,6 +45,8 @@ #include #include #include +#include +#include #include #include @@ -588,10 +590,18 @@ l2fwd_simple_forward(struct rte_mbuf *m, unsigned portid) static void generate_random_key(uint8_t *key, unsigned length) { - unsigned i; + int fd; + int ret; + + fd = open("/dev/urandom", O_RDONLY); + if (fd < 0) + rte_exit(EXIT_FAILURE, "Failed to generate random key\n"); - for (i = 0; i < length; i++) - key[i] = rand() % 0xff; + ret = read(fd, key, length); + close(fd); + + if (ret != (signed)length) + rte_exit(EXIT_FAILURE, "Failed to generate random key\n"); } static struct rte_cryptodev_sym_session * @@ -1195,8 +1205,6 @@ l2fwd_crypto_parse_timer_period(struct l2fwd_crypto_options *options, static void l2fwd_crypto_default_options(struct l2fwd_crypto_options *options) { - srand(time(NULL)); - options->portmask = 0xffffffff; options->nb_ports_per_lcore = 1; options->refresh_period = 10000;