[dpdk-dev] [PATCH] examples/ipsec-secgw: Calling risky function

Slawomir Mrozowicz slawomirx.mrozowicz at intel.com
Tue Jun 7 10:58:06 CEST 2016

Previous message: [dpdk-dev] [PATCH] doc/tespmd: fix flow director examples
Next message: [dpdk-dev] [PATCH] examples/ipsec-secgw: Calling risky function
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

lrand48 should not be used for security related applications,
as linear congruential algorithms are too easy to break.
Used a compliant random number generator /dev/urandom.

Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Coverity ID 124558

Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz at intel.com>
---
 examples/ipsec-secgw/esp.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 0f6b33e..f3c4687 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -55,16 +55,17 @@
 static inline void
 random_iv_u64(uint64_t *buf, uint16_t n)
 {
-	unsigned left = n & 0x7;
-	unsigned i;
+	int res = 0;
+	FILE *fp;
 
-	RTE_ASSERT((n & 0x3) == 0);
-
-	for (i = 0; i < (n >> 3); i++)
-		buf[i] = rte_rand();
+	fp = fopen("/dev/urandom", "r");
+	if (fp != NULL) {
+		res = fread(buf, 8, n, fp);
+		fclose(fp);
+	}
 
-	if (left)
-		*((uint32_t *)&buf[i]) = (uint32_t)lrand48();
+	RTE_ASSERT(res != n);
+	RTE_LOG(DEBUG, IPSEC_ESP, "random_iv_u64 result %d\n", res);
 }
 
 /* IPv4 Tunnel */
-- 
1.9.1

Previous message: [dpdk-dev] [PATCH] doc/tespmd: fix flow director examples
Next message: [dpdk-dev] [PATCH] examples/ipsec-secgw: Calling risky function
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list