From: Francis Dupont <fdupont@isc.org>
Date: Thu, 23 Aug 2018 17:02:00 +0000 (+0200)
Subject: [29-cryptolink-random-generator] Updated random users
X-Git-Tag: 66-authoritative-flag-in-kea_base~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=609ddc69613dc828b3d93673d61a2c259c3944aa;p=thirdparty%2Fkea.git

[29-cryptolink-random-generator] Updated random users
---

diff --git a/src/lib/dhcpsrv/host.cc b/src/lib/dhcpsrv/host.cc
index 1899e1c6dc..b225cce0ea 100644
--- a/src/lib/dhcpsrv/host.cc
+++ b/src/lib/dhcpsrv/host.cc
@@ -5,16 +5,15 @@
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 #include <config.h>
+
 #include <dhcp/pkt4.h>
 #include <dhcpsrv/host.h>
 #include <util/encode/hex.h>
 #include <util/strutil.h>
 #include <asiolink/io_address.h>
-#include <boost/random.hpp>
-#include <boost/random/uniform_int_distribution.hpp>
-#include <boost/random/mersenne_twister.hpp>
+#include <cryptolink/crypto_rng.h>
 #include <exceptions/exceptions.h>
-#include <random>
+
 #include <sstream>
 
 using namespace isc::data;
@@ -23,7 +22,6 @@ using namespace isc::asiolink;
 namespace isc {
 namespace dhcp {
 
-
 AuthKey::AuthKey(const std::string key) {
     setAuthKey(key);
 }
@@ -34,23 +32,17 @@ AuthKey::AuthKey(void) {
 
 std::string
 AuthKey::getRandomKeyString() {
-    std::array <char, AuthKey::KEY_LEN> randomString;
-    
-    std::random_device rd;
-    boost::random::mt19937 gen(rd());
-
-    std::for_each(randomString.begin(), randomString.end() - 1,
-        [&gen](char& a){ boost::random::uniform_int_distribution<char> dist('!', '~');
-        a = dist(gen); } );
-
-    return std::string(randomString.begin(), randomString.end());
+    std::vector<uint8_t> rs = isc::cryptolink::random(AuthKey::KEY_LEN);
+    std::string result;
+    result.resize(rs.size());
+    memmove(&result[0], &rs[0], result.size());
+    return (result);
 }
 
 std::string 
 AuthKey::ToText() const {
-    //this will need enhancement if the stored container is not
-    //string
-    return authKey_;
+    // this will need enhancement if the stored container is not a string
+    return (authKey_);
 }
 
 void
diff --git a/src/lib/util/random/random_number_generator.h b/src/lib/util/random/random_number_generator.h
index 3e63830e7c..da3f0be407 100644
--- a/src/lib/util/random/random_number_generator.h
+++ b/src/lib/util/random/random_number_generator.h
@@ -1,4 +1,4 @@
-// Copyright (C) 2010-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2018 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -20,6 +20,8 @@
 #include <boost/random/uniform_real.hpp>
 #include <boost/random/variate_generator.hpp>
 
+/// PLEASE DO NOT USE THIS IN CRYPTOGRAPHICALLY SENSITIVE CODE.
+
 namespace isc {
 namespace util {
 namespace random {
diff --git a/src/lib/util/range_utilities.h b/src/lib/util/range_utilities.h
index f11f0bc1cd..3af37e7b65 100644
--- a/src/lib/util/range_utilities.h
+++ b/src/lib/util/range_utilities.h
@@ -39,8 +39,8 @@ isRangeZero(Iterator begin, Iterator end) {
 /// after every start of your process.  Calling srand() is enough. This
 /// method uses default rand(), which is usually a LCG pseudo-random
 /// number generator, so it is not suitable for security
-/// purposes. Please get a decent PRNG implementation, like Mersenne
-/// twister, if you are doing anything related with security.
+/// purposes. Please use cryptolink RNG if you are doing anything
+/// related with security.
 ///
 /// PRNG initialization is left out of this function on purpose. It may
 /// be initialized to specific value on purpose, e.g. to repeat exactly