[5/6] pipeline: replace use of rand()
Checks
Commit Message
The rand() function is weak and using it for salt might be a future
security issue. Use rte_rand() which has a bigger period and more
secure.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
lib/pipeline/rte_swx_ipsec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
On Fri, Mar 01, 2024 at 09:57:10AM -0800, Stephen Hemminger wrote:
> The rand() function is weak and using it for salt might be a future
> security issue. Use rte_rand() which has a bigger period and more
> secure.
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> ---
Reviewed-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
@@ -7,6 +7,7 @@
#include <arpa/inet.h>
#include <rte_common.h>
+#include <rte_random.h>
#include <rte_ip.h>
#include <rte_tailq.h>
#include <rte_eal_memconfig.h>
@@ -1453,7 +1454,7 @@ crypto_xform_get(struct rte_swx_ipsec_sa_params *p,
switch (p->crypto.cipher_auth.cipher.alg) {
case RTE_CRYPTO_CIPHER_AES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
- salt = (uint32_t)rand();
+ salt = rte_rand();
break;
case RTE_CRYPTO_CIPHER_AES_CTR: