[dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator
2016-07-13 16:55, Declan Doherty: > On 05/25/2016 02:34 PM, Piotr Azarewicz wrote: > > This patch improve generate_random_key() function by replacing rand() > > function with reading from /dev/urandom. > > > > CID 120136 : Calling risky function (DC.WEAK_CRYPTO) > > dont_call: rand should not be used for security related applications, as > > linear congruential algorithms are too easy to break > > > > Coverity issue: 120136 > > > > Signed-off-by: Piotr Azarewicz > > Acked-by: Declan Doherty Applied, thanks
[dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator
On 05/25/2016 02:34 PM, Piotr Azarewicz wrote:
> This patch improve generate_random_key() function by replacing rand()
> function with reading from /dev/urandom.
>
> CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
> dont_call: rand should not be used for security related applications, as
> linear congruential algorithms are too easy to break
>
> Coverity issue: 120136
>
> Signed-off-by: Piotr Azarewicz
> ---
> examples/l2fwd-crypto/main.c | 18 +-
> 1 file changed, 13 insertions(+), 5 deletions(-)
>
> diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
> index d18c813..e1f0a1e 100644
> --- a/examples/l2fwd-crypto/main.c
> +++ b/examples/l2fwd-crypto/main.c
> @@ -45,6 +45,8 @@
> #include
> #include
> #include
> +#include
> +#include
>
> #include
> #include
> @@ -581,10 +583,18 @@ l2fwd_simple_forward(struct rte_mbuf *m, unsigned
> portid)
> static void
> generate_random_key(uint8_t *key, unsigned length)
> {
> - unsigned i;
> + int fd;
> + int ret;
> +
> + fd = open("/dev/urandom", O_RDONLY);
> + if (fd < 0)
> + rte_exit(EXIT_FAILURE, "Failed to generate random key\n");
>
> - for (i = 0; i < length; i++)
> - key[i] = rand() % 0xff;
> + ret = read(fd, key, length);
> + close(fd);
> +
> + if (ret != (signed)length)
> + rte_exit(EXIT_FAILURE, "Failed to generate random key\n");
> }
>
> static struct rte_cryptodev_sym_session *
> @@ -1180,8 +1190,6 @@ l2fwd_crypto_parse_timer_period(struct
> l2fwd_crypto_options *options,
> static void
> l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
> {
> - srand(time(NULL));
> -
> options->portmask = 0x;
> options->nb_ports_per_lcore = 1;
> options->refresh_period = 1;
>
Acked-by: Declan Doherty
[dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator
On 07/11/2016 03:17 PM, Thomas Monjalon wrote: > 2016-06-08 07:46, Azarewicz, PiotrX T: >>> 2016-05-25 15:34, Piotr Azarewicz: This patch improve generate_random_key() function by replacing rand() function with reading from /dev/urandom. CID 120136 : Calling risky function (DC.WEAK_CRYPTO) dont_call: rand should not be used for security related applications, as linear congruential algorithms are too easy to break Coverity issue: 120136 Signed-off-by: Piotr Azarewicz >>> >>> Is it relevant for this example? >> >> Maybe not. But it don't break anything, and in the end make Coverity tool >> happy. >> >> Declan, please share your opinion. > > Declan? > sorry I'm missed this thread. While not strictly necessary for the example app, I don't see a problem applying it, as coverity points out it is a bad idea to use rand() for crypto purposes. Declan
[dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator
> 2016-05-25 15:34, Piotr Azarewicz: > > This patch improve generate_random_key() function by replacing rand() > > function with reading from /dev/urandom. > > > > CID 120136 : Calling risky function (DC.WEAK_CRYPTO) > > dont_call: rand should not be used for security related applications, > > as linear congruential algorithms are too easy to break > > > > Coverity issue: 120136 > > > > Signed-off-by: Piotr Azarewicz > > --- > > examples/l2fwd-crypto/main.c | 18 +- > > Is it relevant for this example? Maybe not. But it don't break anything, and in the end make Coverity tool happy. Declan, please share your opinion.
[dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator
2016-05-25 15:34, Piotr Azarewicz: > This patch improve generate_random_key() function by replacing rand() > function with reading from /dev/urandom. > > CID 120136 : Calling risky function (DC.WEAK_CRYPTO) > dont_call: rand should not be used for security related applications, as > linear congruential algorithms are too easy to break > > Coverity issue: 120136 > > Signed-off-by: Piotr Azarewicz > --- > examples/l2fwd-crypto/main.c | 18 +- Is it relevant for this example?
[dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator
This patch improve generate_random_key() function by replacing rand()
function with reading from /dev/urandom.
CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
dont_call: rand should not be used for security related applications, as
linear congruential algorithms are too easy to break
Coverity issue: 120136
Signed-off-by: Piotr Azarewicz
---
examples/l2fwd-crypto/main.c | 18 +-
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index d18c813..e1f0a1e 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -45,6 +45,8 @@
#include
#include
#include
+#include
+#include
#include
#include
@@ -581,10 +583,18 @@ l2fwd_simple_forward(struct rte_mbuf *m, unsigned portid)
static void
generate_random_key(uint8_t *key, unsigned length)
{
- unsigned i;
+ int fd;
+ int ret;
+
+ fd = open("/dev/urandom", O_RDONLY);
+ if (fd < 0)
+ rte_exit(EXIT_FAILURE, "Failed to generate random key\n");
- for (i = 0; i < length; i++)
- key[i] = rand() % 0xff;
+ ret = read(fd, key, length);
+ close(fd);
+
+ if (ret != (signed)length)
+ rte_exit(EXIT_FAILURE, "Failed to generate random key\n");
}
static struct rte_cryptodev_sym_session *
@@ -1180,8 +1190,6 @@ l2fwd_crypto_parse_timer_period(struct
l2fwd_crypto_options *options,
static void
l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
{
- srand(time(NULL));
-
options->portmask = 0x;
options->nb_ports_per_lcore = 1;
options->refresh_period = 1;
--
1.7.9.5
