[PATCH 5/6] pipeline: replace use of rand()

Stephen Hemminger stephen at networkplumber.org
Fri Mar 1 18:57:10 CET 2024

Previous message (by thread): [PATCH 4/6] net/qede: replace use of rand()
Next message (by thread): [PATCH 5/6] pipeline: replace use of rand()
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The rand() function is weak and using it for salt might be a future
security issue. Use rte_rand() which has a bigger period and more
secure.

Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
---
 lib/pipeline/rte_swx_ipsec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/pipeline/rte_swx_ipsec.c b/lib/pipeline/rte_swx_ipsec.c
index 28576c2a4812..eb97b9eb9106 100644
--- a/lib/pipeline/rte_swx_ipsec.c
+++ b/lib/pipeline/rte_swx_ipsec.c
@@ -7,6 +7,7 @@
 #include <arpa/inet.h>
 
 #include <rte_common.h>
+#include <rte_random.h>
 #include <rte_ip.h>
 #include <rte_tailq.h>
 #include <rte_eal_memconfig.h>
@@ -1453,7 +1454,7 @@ crypto_xform_get(struct rte_swx_ipsec_sa_params *p,
 		switch (p->crypto.cipher_auth.cipher.alg) {
 		case RTE_CRYPTO_CIPHER_AES_CBC:
 		case RTE_CRYPTO_CIPHER_3DES_CBC:
-			salt = (uint32_t)rand();
+			salt = rte_rand();
 			break;
 
 		case RTE_CRYPTO_CIPHER_AES_CTR:
-- 
2.43.0

Previous message (by thread): [PATCH 4/6] net/qede: replace use of rand()
Next message (by thread): [PATCH 5/6] pipeline: replace use of rand()
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list