This patch improve generate_random_key() function by replacing rand() function with reading from /dev/urandom.
CID 120136 : Calling risky function (DC.WEAK_CRYPTO) dont_call: rand should not be used for security related applications, as linear congruential algorithms are too easy to break Coverity issue: 120136 Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz at intel.com> --- examples/l2fwd-crypto/main.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c index d18c813..e1f0a1e 100644 --- a/examples/l2fwd-crypto/main.c +++ b/examples/l2fwd-crypto/main.c @@ -45,6 +45,8 @@ #include <ctype.h> #include <errno.h> #include <getopt.h> +#include <fcntl.h> +#include <unistd.h> #include <rte_atomic.h> #include <rte_branch_prediction.h> @@ -581,10 +583,18 @@ l2fwd_simple_forward(struct rte_mbuf *m, unsigned portid) static void generate_random_key(uint8_t *key, unsigned length) { - unsigned i; + int fd; + int ret; + + fd = open("/dev/urandom", O_RDONLY); + if (fd < 0) + rte_exit(EXIT_FAILURE, "Failed to generate random key\n"); - for (i = 0; i < length; i++) - key[i] = rand() % 0xff; + ret = read(fd, key, length); + close(fd); + + if (ret != (signed)length) + rte_exit(EXIT_FAILURE, "Failed to generate random key\n"); } static struct rte_cryptodev_sym_session * @@ -1180,8 +1190,6 @@ l2fwd_crypto_parse_timer_period(struct l2fwd_crypto_options *options, static void l2fwd_crypto_default_options(struct l2fwd_crypto_options *options) { - srand(time(NULL)); - options->portmask = 0xffffffff; options->nb_ports_per_lcore = 1; options->refresh_period = 10000; -- 1.7.9.5