[dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator
2016-07-13 16:55, Declan Doherty: > On 05/25/2016 02:34 PM, Piotr Azarewicz wrote: > > This patch improve generate_random_key() function by replacing rand() > > function with reading from /dev/urandom. > > > > CID 120136 : Calling risky function (DC.WEAK_CRYPTO) > > dont_call: rand should not be used for security related applications, as > > linear congruential algorithms are too easy to break > > > > Coverity issue: 120136 > > > > Signed-off-by: Piotr Azarewicz > > Acked-by: Declan Doherty Applied, thanks
[dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator
On 05/25/2016 02:34 PM, Piotr Azarewicz wrote: > This patch improve generate_random_key() function by replacing rand() > function with reading from /dev/urandom. > > CID 120136 : Calling risky function (DC.WEAK_CRYPTO) > dont_call: rand should not be used for security related applications, as > linear congruential algorithms are too easy to break > > Coverity issue: 120136 > > Signed-off-by: Piotr Azarewicz > --- > examples/l2fwd-crypto/main.c | 18 +- > 1 file changed, 13 insertions(+), 5 deletions(-) > > diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c > index d18c813..e1f0a1e 100644 > --- a/examples/l2fwd-crypto/main.c > +++ b/examples/l2fwd-crypto/main.c > @@ -45,6 +45,8 @@ > #include > #include > #include > +#include > +#include > > #include > #include > @@ -581,10 +583,18 @@ l2fwd_simple_forward(struct rte_mbuf *m, unsigned > portid) > static void > generate_random_key(uint8_t *key, unsigned length) > { > - unsigned i; > + int fd; > + int ret; > + > + fd = open("/dev/urandom", O_RDONLY); > + if (fd < 0) > + rte_exit(EXIT_FAILURE, "Failed to generate random key\n"); > > - for (i = 0; i < length; i++) > - key[i] = rand() % 0xff; > + ret = read(fd, key, length); > + close(fd); > + > + if (ret != (signed)length) > + rte_exit(EXIT_FAILURE, "Failed to generate random key\n"); > } > > static struct rte_cryptodev_sym_session * > @@ -1180,8 +1190,6 @@ l2fwd_crypto_parse_timer_period(struct > l2fwd_crypto_options *options, > static void > l2fwd_crypto_default_options(struct l2fwd_crypto_options *options) > { > - srand(time(NULL)); > - > options->portmask = 0x; > options->nb_ports_per_lcore = 1; > options->refresh_period = 1; > Acked-by: Declan Doherty
[dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator
On 07/11/2016 03:17 PM, Thomas Monjalon wrote: > 2016-06-08 07:46, Azarewicz, PiotrX T: >>> 2016-05-25 15:34, Piotr Azarewicz: This patch improve generate_random_key() function by replacing rand() function with reading from /dev/urandom. CID 120136 : Calling risky function (DC.WEAK_CRYPTO) dont_call: rand should not be used for security related applications, as linear congruential algorithms are too easy to break Coverity issue: 120136 Signed-off-by: Piotr Azarewicz >>> >>> Is it relevant for this example? >> >> Maybe not. But it don't break anything, and in the end make Coverity tool >> happy. >> >> Declan, please share your opinion. > > Declan? > sorry I'm missed this thread. While not strictly necessary for the example app, I don't see a problem applying it, as coverity points out it is a bad idea to use rand() for crypto purposes. Declan
[dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator
> 2016-05-25 15:34, Piotr Azarewicz: > > This patch improve generate_random_key() function by replacing rand() > > function with reading from /dev/urandom. > > > > CID 120136 : Calling risky function (DC.WEAK_CRYPTO) > > dont_call: rand should not be used for security related applications, > > as linear congruential algorithms are too easy to break > > > > Coverity issue: 120136 > > > > Signed-off-by: Piotr Azarewicz > > --- > > examples/l2fwd-crypto/main.c | 18 +- > > Is it relevant for this example? Maybe not. But it don't break anything, and in the end make Coverity tool happy. Declan, please share your opinion.
[dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator
2016-05-25 15:34, Piotr Azarewicz: > This patch improve generate_random_key() function by replacing rand() > function with reading from /dev/urandom. > > CID 120136 : Calling risky function (DC.WEAK_CRYPTO) > dont_call: rand should not be used for security related applications, as > linear congruential algorithms are too easy to break > > Coverity issue: 120136 > > Signed-off-by: Piotr Azarewicz > --- > examples/l2fwd-crypto/main.c | 18 +- Is it relevant for this example?
[dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator
This patch improve generate_random_key() function by replacing rand() function with reading from /dev/urandom. CID 120136 : Calling risky function (DC.WEAK_CRYPTO) dont_call: rand should not be used for security related applications, as linear congruential algorithms are too easy to break Coverity issue: 120136 Signed-off-by: Piotr Azarewicz --- examples/l2fwd-crypto/main.c | 18 +- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c index d18c813..e1f0a1e 100644 --- a/examples/l2fwd-crypto/main.c +++ b/examples/l2fwd-crypto/main.c @@ -45,6 +45,8 @@ #include #include #include +#include +#include #include #include @@ -581,10 +583,18 @@ l2fwd_simple_forward(struct rte_mbuf *m, unsigned portid) static void generate_random_key(uint8_t *key, unsigned length) { - unsigned i; + int fd; + int ret; + + fd = open("/dev/urandom", O_RDONLY); + if (fd < 0) + rte_exit(EXIT_FAILURE, "Failed to generate random key\n"); - for (i = 0; i < length; i++) - key[i] = rand() % 0xff; + ret = read(fd, key, length); + close(fd); + + if (ret != (signed)length) + rte_exit(EXIT_FAILURE, "Failed to generate random key\n"); } static struct rte_cryptodev_sym_session * @@ -1180,8 +1190,6 @@ l2fwd_crypto_parse_timer_period(struct l2fwd_crypto_options *options, static void l2fwd_crypto_default_options(struct l2fwd_crypto_options *options) { - srand(time(NULL)); - options->portmask = 0x; options->nb_ports_per_lcore = 1; options->refresh_period = 1; -- 1.7.9.5