diff mbox series

[5/6] pipeline: replace use of rand()

Message ID 20240301175842.159967-6-stephen@networkplumber.org (mailing list archive)
State Accepted, archived
Delegated to: David Marchand
Headers
Series Coverity related fixes |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Stephen Hemminger March 1, 2024, 5:57 p.m. UTC 
  The rand() function is weak and using it for salt might be a future
security issue. Use rte_rand() which has a bigger period and more
secure.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 lib/pipeline/rte_swx_ipsec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Tyler Retzlaff March 1, 2024, 6:11 p.m. UTC | #1 
On Fri, Mar 01, 2024 at 09:57:10AM -0800, Stephen Hemminger wrote:
> The rand() function is weak and using it for salt might be a future
> security issue. Use rte_rand() which has a bigger period and more
> secure.
> 
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> ---

Reviewed-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
diff mbox series

Patch

diff --git a/lib/pipeline/rte_swx_ipsec.c b/lib/pipeline/rte_swx_ipsec.c
index 28576c2a4812..eb97b9eb9106 100644
--- a/lib/pipeline/rte_swx_ipsec.c
+++ b/lib/pipeline/rte_swx_ipsec.c
@@ -7,6 +7,7 @@ 
 #include <arpa/inet.h>
 
 #include <rte_common.h>
+#include <rte_random.h>
 #include <rte_ip.h>
 #include <rte_tailq.h>
 #include <rte_eal_memconfig.h>
@@ -1453,7 +1454,7 @@  crypto_xform_get(struct rte_swx_ipsec_sa_params *p,
 		switch (p->crypto.cipher_auth.cipher.alg) {
 		case RTE_CRYPTO_CIPHER_AES_CBC:
 		case RTE_CRYPTO_CIPHER_3DES_CBC:
-			salt = (uint32_t)rand();
+			salt = rte_rand();
 			break;
 
 		case RTE_CRYPTO_CIPHER_AES_CTR: