From patchwork Fri Mar  1 17:57:10 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stephen Hemminger <stephen@networkplumber.org>
X-Patchwork-Id: 137769
X-Patchwork-Delegate: david.marchand@redhat.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 3C72B43BCF;
	Fri,  1 Mar 2024 18:59:24 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id BC63B433D2;
	Fri,  1 Mar 2024 18:59:01 +0100 (CET)
Received: from mail-pg1-f174.google.com (mail-pg1-f174.google.com
 [209.85.215.174])
 by mails.dpdk.org (Postfix) with ESMTP id 6BDAF4336E
 for <dev@dpdk.org>; Fri,  1 Mar 2024 18:58:57 +0100 (CET)
Received: by mail-pg1-f174.google.com with SMTP id
 41be03b00d2f7-5cedfc32250so2055787a12.0
 for <dev@dpdk.org>; Fri, 01 Mar 2024 09:58:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1709315936;
 x=1709920736; darn=dpdk.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=KYCvu9aiBiBRRtmGA6KeVv0Hp4fBfDKD3E7DVfc8K6c=;
 b=gn4fGtY05JKZLAs1KUkGrP2YebZoU+K0Yrf0f553xRs8AG431HJ0uab42S9JXA5TMS
 5hn58FWIMeaQu1Td8S6KI89tXaSa95vAIsI2FClZIiL4ZpdxaAowXbo5g83//4DEKYbc
 4KRELStciFmBro1Rc6hPCMP6Ef3X6QHfFRFqiOswZk5G2afTjcy2MYniON2bAnKTZJbR
 oYO/ZW1+lOTqUBArpqxtyvRM1FHhDh449v1vh5Iwa6fQyfQTfNXxnAK33c5S153PdCTT
 HOPW8nF9FGSudruQKJO8ME+4kUF9cpKc2qeDBS7SQhh+1lpEsoVVeCUxUw4agJ0M6mr7
 +dFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1709315936; x=1709920736;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=KYCvu9aiBiBRRtmGA6KeVv0Hp4fBfDKD3E7DVfc8K6c=;
 b=d+GQf8ntutLOiw2EyBYJTUEOLzRTSa7uVYXcasKquDvo9DqH09l+Iy5m9CMfel7nbh
 LqCvXGTvF6pVRx+lACFb4Y2EGtbJdU7i+MNpMARuQ6k8bMHLkutz33hWIQwZAOutBLgG
 7J4sfcJTXNpc6BRDtLHPgLwVEo5hcwqlxsHuCeDhCJpBGNd/puStrerSY6qyJM6c2xgh
 EY0U9a5NcnwHTvaUZqn6CN/UwSaP37sw4tfIzrFyRRLAcHFs8P/GCsac1RnrNyWD92sZ
 fT8ClmYV0/3xS14GBPLNJzdPxqGEjK5Bwqwooq7jsJRxpyJTxYbvkFfEUHenYCwxExfY
 SBqQ==
X-Gm-Message-State: AOJu0Yx4zqs0glCTkZGEct9EncOXTgl2h9EQQuHkpsJ+yyIXImPF5Png
 XLmH8dVcjpow9MLirJ4Gqs0RZIJZZRJ7TJVDjv6/riR5ork3SQkIL++8Uk7qnEiqwv7x8Z6JMLN
 YkOWmhw==
X-Google-Smtp-Source: 
 AGHT+IGk253H19Hk53uB5e/WYY37bHt7aSE1woVQzNOwVqhufreRIyMyFrUSHKrfY1J+sqrW2t7Anw==
X-Received: by 2002:a05:6a20:d044:b0:1a1:1571:84d8 with SMTP id
 hv4-20020a056a20d04400b001a1157184d8mr2296290pzb.47.1709315936730;
 Fri, 01 Mar 2024 09:58:56 -0800 (PST)
Received: from hermes.local (204-195-123-141.wavecable.com. [204.195.123.141])
 by smtp.gmail.com with ESMTPSA id
 bw7-20020a056a02048700b005e438ea2a5asm2938828pgb.53.2024.03.01.09.58.56
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 01 Mar 2024 09:58:56 -0800 (PST)
From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Stephen Hemminger <stephen@networkplumber.org>,
 Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Subject: [PATCH 5/6] pipeline: replace use of rand()
Date: Fri,  1 Mar 2024 09:57:10 -0800
Message-ID: <20240301175842.159967-6-stephen@networkplumber.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240301175842.159967-1-stephen@networkplumber.org>
References: <20240301175842.159967-1-stephen@networkplumber.org>
MIME-Version: 1.0
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

The rand() function is weak and using it for salt might be a future
security issue. Use rte_rand() which has a bigger period and more
secure.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
---
 lib/pipeline/rte_swx_ipsec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/pipeline/rte_swx_ipsec.c b/lib/pipeline/rte_swx_ipsec.c
index 28576c2a4812..eb97b9eb9106 100644
--- a/lib/pipeline/rte_swx_ipsec.c
+++ b/lib/pipeline/rte_swx_ipsec.c
@@ -7,6 +7,7 @@
 #include <arpa/inet.h>
 
 #include <rte_common.h>
+#include <rte_random.h>
 #include <rte_ip.h>
 #include <rte_tailq.h>
 #include <rte_eal_memconfig.h>
@@ -1453,7 +1454,7 @@ crypto_xform_get(struct rte_swx_ipsec_sa_params *p,
 		switch (p->crypto.cipher_auth.cipher.alg) {
 		case RTE_CRYPTO_CIPHER_AES_CBC:
 		case RTE_CRYPTO_CIPHER_3DES_CBC:
-			salt = (uint32_t)rand();
+			salt = rte_rand();
 			break;
 
 		case RTE_CRYPTO_CIPHER_AES_CTR: