1. 30 May, 2018 4 commits
  2. 29 May, 2018 4 commits
    • Ondřej Surý's avatar
      Merge branch '289-add-non-cs-prng' into 'master' · 0369ee1b
      Ondřej Surý authored
      Change isc_random() to be just PRNG, and add isc_nonce_buf() that uses CSPRNG
      
      Closes #289
      
      See merge request !325
      0369ee1b
    • Ondřej Surý's avatar
      Add CHANGES entry. · a3aed02e
      Ondřej Surý authored
      4956.   [func]          Change isc_random() to be just PRNG using xoshiro128**,
                              and add isc_nonce_buf() that uses CSPRNG. [GL #289]
      a3aed02e
    • Ondřej Surý's avatar
      Make the xoshiro128plusplus thread-safe · ce71d944
      Ondřej Surý authored
      ce71d944
    • Ondřej Surý's avatar
      Change isc_random() to be just PRNG, and add isc_nonce_buf() that uses CSPRNG · 99ba29bc
      Ondřej Surý authored
      This commit reverts the previous change to use system provided
      entropy, as (SYS_)getrandom is very slow on Linux because it is
      a syscall.
      
      The change introduced in this commit adds a new call isc_nonce_buf
      that uses CSPRNG from cryptographic library provider to generate
      secure data that can be and must be used for generating nonces.
      Example usage would be DNS cookies.
      
      The isc_random() API has been changed to use fast PRNG that is not
      cryptographically secure, but runs entirely in user space.  Two
      contestants have been considered xoroshiro family of the functions
      by Villa&Blackman and PCG by O'Neill.  After a consideration the
      xoshiro128starstar function has been used as uint32_t random number
      provider because it is very fast and has good enough properties
      for our usage pattern.
      
      The other change introduced in the commit is the more extensive usage
      of isc_random_uniform in places where the usage pattern was
      isc_random() % n to prevent modulo bias.  For usage patterns where
      only 16 or 8 bits are needed (DNS Message ID), the isc_random()
      functions has been renamed to isc_random32(), and isc_random16() and
      isc_random8() functions have been introduced by &-ing the
      isc_random32() output with 0xffff and 0xff.  Please note that the
      functions that uses stripped down bit count doesn't pass our
      NIST SP 800-22 based random test.
      99ba29bc
  3. 28 May, 2018 6 commits
  4. 26 May, 2018 3 commits
  5. 25 May, 2018 11 commits
  6. 24 May, 2018 7 commits
  7. 23 May, 2018 5 commits