The rand() function is weak and using it for salt might be a future
security issue. Use rte_rand() which has a bigger period and more
secure.
Signed-off-by: Stephen Hemminger <step...@networkplumber.org>
---
lib/pipeline/rte_swx_ipsec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/pipeline/rte_swx_ipsec.c b/lib/pipeline/rte_swx_ipsec.c
index 28576c2a4812..eb97b9eb9106 100644
--- a/lib/pipeline/rte_swx_ipsec.c
+++ b/lib/pipeline/rte_swx_ipsec.c
@@ -7,6 +7,7 @@
#include <arpa/inet.h>
#include <rte_common.h>
+#include <rte_random.h>
#include <rte_ip.h>
#include <rte_tailq.h>
#include <rte_eal_memconfig.h>
@@ -1453,7 +1454,7 @@ crypto_xform_get(struct rte_swx_ipsec_sa_params *p,
switch (p->crypto.cipher_auth.cipher.alg) {
case RTE_CRYPTO_CIPHER_AES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
- salt = (uint32_t)rand();
+ salt = rte_rand();
break;
case RTE_CRYPTO_CIPHER_AES_CTR:
--
2.43.0
