From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 8 Dec 2020 15:54:14 +0000 (+0100)
Subject: UUID: Use the non-cryptographic variant of the boost::uuid
X-Git-Tag: rec-4.5.0-alpha1~74^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0acc8b31804a2ed3bb7309d5fb22576411fcd244;p=thirdparty%2Fpdns.git

UUID: Use the non-cryptographic variant of the boost::uuid

Since Boost 1.67.0 the default UUID generator is cryptographically
strong, which is neat but quite slower. Since we don't need that,
just use the fastest version.
---

diff --git a/pdns/uuid-utils.cc b/pdns/uuid-utils.cc
index 12340aefce..c59e0a0d0d 100644
--- a/pdns/uuid-utils.cc
+++ b/pdns/uuid-utils.cc
@@ -32,10 +32,15 @@
 
 #include <boost/uuid/uuid_generators.hpp>
 
-thread_local boost::uuids::random_generator t_uuidGenerator;
+// The default of:
+// boost::uuids::random_generator
+// is safe for crypto operations since 1.67.0, but much slower.
+thread_local boost::uuids::basic_random_generator<boost::random::mt19937> t_uuidGenerator;
 
 boost::uuids::uuid getUniqueID()
 {
+  // not safe for crypto, but it could be with Boost >= 1.67.0 by using boost::uuids::random_generator,
+  // which is slower
   return t_uuidGenerator();
 }
 
diff --git a/pdns/uuid-utils.hh b/pdns/uuid-utils.hh
index 3aa7844b3a..c1f78d7151 100644
--- a/pdns/uuid-utils.hh
+++ b/pdns/uuid-utils.hh
@@ -24,5 +24,6 @@
 #include <boost/uuid/uuid.hpp>
 #include <boost/uuid/uuid_io.hpp>
 
+/* Not safe for crypto, see the definition for more information */
 boost::uuids::uuid getUniqueID();
 boost::uuids::uuid getUniqueID(const std::string& str);