From patchwork Tue Jun 7 08:58:06 2016
X-Patchwork-Submitter: Slawomir Mrozowicz
X-Patchwork-Id: 13300
From: Slawomir Mrozowicz
To: sergio.gonzalez.monroy@intel.com
Cc: dev@dpdk.org, Slawomir Mrozowicz
Date: Tue, 7 Jun 2016 10:58:06 +0200
Message-Id: <1465289886-14479-1-git-send-email-slawomirx.mrozowicz@intel.com>
Subject: [dpdk-dev] [PATCH] examples/ipsec-secgw: Calling risky function

lrand48 should not be used for security related applications, as linear
congruential algorithms are too easy to break.

Used a compliant random number generator /dev/urandom.

Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Coverity ID 124558

Signed-off-by: Slawomir Mrozowicz
---
 examples/ipsec-secgw/esp.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c index 0f6b33e..f3c4687 100644 --- a/examples/ipsec-secgw/esp.c +++ b/examples/ipsec-secgw/esp.c @@ -55,16 +55,17 @@ static inline void random_iv_u64(uint64_t *buf, uint16_t n) { - unsigned left = n & 0x7; - unsigned i; + int res = 0; + FILE *fp; - RTE_ASSERT((n & 0x3) == 0); - - for (i = 0; i < (n >> 3); i++) - buf[i] = rte_rand(); + fp = fopen("/dev/urandom", "r"); + if (fp != NULL) { + res = fread(buf, 8, n, fp); + fclose(fp); + } - if (left) - *((uint32_t *)&buf[i]) = (uint32_t)lrand48(); + RTE_ASSERT(res != n); + RTE_LOG(DEBUG, IPSEC_ESP, "random_iv_u64 result %d\n", res); } /* IPv4 Tunnel */
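Review bot: `res = fread(buf, 8, n, fp);` in random_iv_u64() asks for n items of 8 bytes, but the removed loop (`for (i = 0; i < (n >> 3); i++)`) and the removed `RTE_ASSERT((n & 0x3) == 0)` show that n is a byte count, so this writes 8 * n bytes into a buffer sized for n and overruns it. Request n bytes instead, for example `fread(buf, 1, n, fp)`. The check that follows is also inverted: `RTE_ASSERT(res != n);` fires when the read succeeds and passes when it comes up short, and it compares an int against a uint16_t while fread returns size_t. More importantly, an assertion is not an error path: if fopen() returns NULL or the read is short, res stays below n, buf keeps whatever it held before, and because the function returns void the caller goes on to use that as the IV. Please make the function return a status (or fail hard with a check that cannot be compiled out) and test for `res == n`. Two smaller points: opening and closing /dev/urandom on every call puts a file open and a buffered stdio read in the per-packet path, so consider opening the descriptor once at init; and the change also replaces the rte_rand() calls, which the commit message does not mention, since it only names lrand48.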