[dpdk-dev] [PATCH] examples/ipsec-secgw: Calling risky function

Mrozowicz, SlawomirX slawomirx.mrozowicz at intel.com
Tue Jun 7 15:16:59 CEST 2016

Previous message: [dpdk-dev] [PATCH] examples/ipsec-secgw: Calling risky function
Next message: [dpdk-dev] [PATCH 1/3] kni: fix compile error for Linux 4.7
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>-----Original Message-----
>From: Gonzalez Monroy, Sergio
>Sent: Tuesday, June 7, 2016 10:15 AM
>To: Mrozowicz, SlawomirX <slawomirx.mrozowicz at intel.com>
>Cc: dev at dpdk.org
>Subject: Re: [PATCH] examples/ipsec-secgw: Calling risky function
>
>On 07/06/2016 09:58, Slawomir Mrozowicz wrote:
>> lrand48 should not be used for security related applications, as
>> linear congruential algorithms are too easy to break.
>> Used a compliant random number generator /dev/urandom.
>>
>> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample
>> application") Coverity ID 124558
>>
>> Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz at intel.com>
>> ---
>
>I understand that lrand48 is not crypto secure, but this fix will kill performance.
>
>I already have a solution for this issue to be included in the next IPSec patch
>set that will also add support for GCM/CTR modes.
>
>Sergio

Thanks for your reply.
So for now I propose to set this problem as intentional in the Coverity tool.

Sławomir

Previous message: [dpdk-dev] [PATCH] examples/ipsec-secgw: Calling risky function
Next message: [dpdk-dev] [PATCH 1/3] kni: fix compile error for Linux 4.7
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list