Title: [214329] trunk/Source
Revision
214329
Author
[email protected]
Date
2017-03-23 18:36:06 -0700 (Thu, 23 Mar 2017)

Log Message

window.crypto.getRandomValues() uses the insecure RC4 RNG
https://bugs.webkit.org/show_bug.cgi?id=169623

Reviewed by Alex Christensen.

Source/WebCore:

* PlatformMac.cmake:
* WebCore.xcodeproj/project.pbxproj:
* crypto/CryptoKey.cpp:
(WebCore::CryptoKey::randomData): Use this on Mac now.
* crypto/mac/CryptoKeyMac.cpp: Removed.
* page/Crypto.cpp:
(WebCore::Crypto::getRandomValues): Rollout r214188.

Source/WTF:

Remove the RC4 random generator in favor of using OS randomness for now. This is basically
a merge of https://codereview.chromium.org/1431233002 from Blink, original author "eroman".

* wtf/CryptographicallyRandomNumber.cpp:
(WTF::cryptographicallyRandomNumber):
(WTF::cryptographicallyRandomValues):
(): Deleted.

Modified Paths

Removed Paths

Diff

Modified: trunk/Source/WTF/ChangeLog (214328 => 214329)


--- trunk/Source/WTF/ChangeLog	2017-03-24 00:07:17 UTC (rev 214328)
+++ trunk/Source/WTF/ChangeLog	2017-03-24 01:36:06 UTC (rev 214329)
@@ -1,3 +1,18 @@
+2017-03-23  Michael Catanzaro  <[email protected]>
+
+        window.crypto.getRandomValues() uses the insecure RC4 RNG
+        https://bugs.webkit.org/show_bug.cgi?id=169623
+
+        Reviewed by Alex Christensen.
+
+        Remove the RC4 random generator in favor of using OS randomness for now. This is basically
+        a merge of https://codereview.chromium.org/1431233002 from Blink, original author "eroman".
+
+        * wtf/CryptographicallyRandomNumber.cpp:
+        (WTF::cryptographicallyRandomNumber):
+        (WTF::cryptographicallyRandomValues):
+        (): Deleted.
+
 2017-03-23  Tomas Popela  <[email protected]>
 
         Fix uninitialized public members in WTF

Modified: trunk/Source/WTF/wtf/CryptographicallyRandomNumber.cpp (214328 => 214329)


--- trunk/Source/WTF/wtf/CryptographicallyRandomNumber.cpp	2017-03-24 00:07:17 UTC (rev 214328)
+++ trunk/Source/WTF/wtf/CryptographicallyRandomNumber.cpp	2017-03-24 01:36:06 UTC (rev 214329)
@@ -1,179 +1,46 @@
 /*
- * Copyright (c) 1996, David Mazieres <[email protected]>
- * Copyright (c) 2008, Damien Miller <[email protected]>
+ * Copyright (C) 2017 Igalia S.L.
  *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
  *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/*
- * Arc4 random number generator for OpenBSD.
- *
- * This code is derived from section 17.1 of Applied Cryptography,
- * second edition, which describes a stream cipher allegedly
- * compatible with RSA Labs "RC4" cipher (the actual description of
- * which is a trade secret).  The same algorithm is used as a stream
- * cipher called "arcfour" in Tatu Ylonen's ssh package.
- *
- * RC4 is a registered trademark of RSA Laboratories.
- */
-
 #include "config.h"
 #include "CryptographicallyRandomNumber.h"
 
-#include "NeverDestroyed.h"
 #include "OSRandomSource.h"
-#include <mutex>
-#include <wtf/Lock.h>
 
 namespace WTF {
 
-namespace {
-
-class ARC4Stream {
-public:
-    ARC4Stream();
-
-    uint8_t i;
-    uint8_t j;
-    uint8_t s[256];
-};
-
-class ARC4RandomNumberGenerator {
-    WTF_MAKE_FAST_ALLOCATED;
-public:
-    ARC4RandomNumberGenerator();
-
-    uint32_t randomNumber();
-    void randomValues(void* buffer, size_t length);
-
-private:
-    inline void addRandomData(unsigned char *data, int length);
-    void stir();
-    void stirIfNeeded();
-    inline uint8_t getByte();
-    inline uint32_t getWord();
-
-    ARC4Stream m_stream;
-    int m_count;
-    Lock m_mutex;
-};
-
-ARC4Stream::ARC4Stream()
-{
-    for (int n = 0; n < 256; n++)
-        s[n] = n;
-    i = 0;
-    j = 0;
-}
-
-ARC4RandomNumberGenerator::ARC4RandomNumberGenerator()
-    : m_count(0)
-{
-}
-
-void ARC4RandomNumberGenerator::addRandomData(unsigned char* data, int length)
-{
-    m_stream.i--;
-    for (int n = 0; n < 256; n++) {
-        m_stream.i++;
-        uint8_t si = m_stream.s[m_stream.i];
-        m_stream.j += si + data[n % length];
-        m_stream.s[m_stream.i] = m_stream.s[m_stream.j];
-        m_stream.s[m_stream.j] = si;
-    }
-    m_stream.j = m_stream.i;
-}
-
-void ARC4RandomNumberGenerator::stir()
-{
-    unsigned char randomness[128];
-    size_t length = sizeof(randomness);
-    cryptographicallyRandomValuesFromOS(randomness, length);
-    addRandomData(randomness, length);
-
-    // Discard early keystream, as per recommendations in:
-    // http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
-    for (int i = 0; i < 256; i++)
-        getByte();
-    m_count = 1600000;
-}
-
-void ARC4RandomNumberGenerator::stirIfNeeded()
-{
-    if (m_count <= 0)
-        stir();
-}
-
-uint8_t ARC4RandomNumberGenerator::getByte()
-{
-    m_stream.i++;
-    uint8_t si = m_stream.s[m_stream.i];
-    m_stream.j += si;
-    uint8_t sj = m_stream.s[m_stream.j];
-    m_stream.s[m_stream.i] = sj;
-    m_stream.s[m_stream.j] = si;
-    return (m_stream.s[(si + sj) & 0xff]);
-}
-
-uint32_t ARC4RandomNumberGenerator::getWord()
-{
-    uint32_t val;
-    val = getByte() << 24;
-    val |= getByte() << 16;
-    val |= getByte() << 8;
-    val |= getByte();
-    return val;
-}
-
-uint32_t ARC4RandomNumberGenerator::randomNumber()
-{
-    std::lock_guard<Lock> lock(m_mutex);
-
-    m_count -= 4;
-    stirIfNeeded();
-    return getWord();
-}
-
-void ARC4RandomNumberGenerator::randomValues(void* buffer, size_t length)
-{
-    std::lock_guard<Lock> lock(m_mutex);
-
-    unsigned char* result = reinterpret_cast<unsigned char*>(buffer);
-    stirIfNeeded();
-    while (length--) {
-        m_count--;
-        stirIfNeeded();
-        result[length] = getByte();
-    }
-}
-
-ARC4RandomNumberGenerator& sharedRandomNumberGenerator()
-{
-    static NeverDestroyed<ARC4RandomNumberGenerator> randomNumberGenerator;
-
-    return randomNumberGenerator;
-}
-
-}
-
 uint32_t cryptographicallyRandomNumber()
 {
-    return sharedRandomNumberGenerator().randomNumber();
+    uint32_t result;
+    cryptographicallyRandomValues(&result, sizeof(result));
+    return result;
 }
 
+// FIXME: It is slow to always get the values directly from the OS.
 void cryptographicallyRandomValues(void* buffer, size_t length)
 {
-    sharedRandomNumberGenerator().randomValues(buffer, length);
+    cryptographicallyRandomValuesFromOS(static_cast<unsigned char*>(buffer), length);
 }
 
 }
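Review bot: Nothing visible in the new `cryptographicallyRandomValues()` confirms that `cryptographicallyRandomValuesFromOS()` filled the buffer, so `cryptographicallyRandomNumber()` would return the uninitialized `uint32_t result` if the OS source ever failed and returned. The helper lives in OSRandomSource.h, outside this diff, and may well abort on failure, but that contract should be stated here because these two functions are now the only route to random bytes for every caller. I would add above `cryptographicallyRandomValues` the comment `// Relies on cryptographicallyRandomValuesFromOS() crashing rather than returning on failure; callers have no error path.` and confirm it holds on each port. The same point covers the `Crypto::getRandomValues` hunk and the deleted `CryptoKeyMac.cpp`, where the explicit `RELEASE_ASSERT(rc == kCCSuccess)` is dropped in favour of this call.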

Modified: trunk/Source/WebCore/ChangeLog (214328 => 214329)


--- trunk/Source/WebCore/ChangeLog	2017-03-24 00:07:17 UTC (rev 214328)
+++ trunk/Source/WebCore/ChangeLog	2017-03-24 01:36:06 UTC (rev 214329)
@@ -1,3 +1,18 @@
+2017-03-23  Michael Catanzaro  <[email protected]>
+
+        window.crypto.getRandomValues() uses the insecure RC4 RNG
+        https://bugs.webkit.org/show_bug.cgi?id=169623
+
+        Reviewed by Alex Christensen.
+
+        * PlatformMac.cmake:
+        * WebCore.xcodeproj/project.pbxproj:
+        * crypto/CryptoKey.cpp:
+        (WebCore::CryptoKey::randomData): Use this on Mac now.
+        * crypto/mac/CryptoKeyMac.cpp: Removed.
+        * page/Crypto.cpp:
+        (WebCore::Crypto::getRandomValues): Rollout r214188.
+
 2017-03-23  Chris Dumez  <[email protected]>
 
         SVG animations are not paused when their <svg> element is removed from the document

Modified: trunk/Source/WebCore/PlatformMac.cmake (214328 => 214329)


--- trunk/Source/WebCore/PlatformMac.cmake	2017-03-24 00:07:17 UTC (rev 214328)
+++ trunk/Source/WebCore/PlatformMac.cmake	2017-03-24 01:36:06 UTC (rev 214329)
@@ -218,7 +218,6 @@
     crypto/mac/CryptoAlgorithmRSA_OAEPMac.cpp
     crypto/mac/CryptoAlgorithmRegistryMac.cpp
     crypto/mac/CryptoKeyECMac.cpp
-    crypto/mac/CryptoKeyMac.cpp
     crypto/mac/CryptoKeyRSAMac.cpp
     crypto/mac/SerializedCryptoKeyWrapMac.mm
 

Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (214328 => 214329)


--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj	2017-03-24 00:07:17 UTC (rev 214328)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj	2017-03-24 01:36:06 UTC (rev 214329)
@@ -6510,7 +6510,6 @@
 		E19AC3F41824DC7900349426 /* CryptoAlgorithmSHA512.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E19AC3EC1824DC7900349426 /* CryptoAlgorithmSHA512.cpp */; };
 		E19AC3F51824DC7900349426 /* CryptoAlgorithmSHA512.h in Headers */ = {isa = PBXBuildFile; fileRef = E19AC3ED1824DC7900349426 /* CryptoAlgorithmSHA512.h */; };
 		E19AC3F71824E5D100349426 /* CryptoAlgorithmAesKeyGenParamsDeprecated.h in Headers */ = {isa = PBXBuildFile; fileRef = E19AC3F61824E5D100349426 /* CryptoAlgorithmAesKeyGenParamsDeprecated.h */; };
-		E19AC3F9182566F700349426 /* CryptoKeyMac.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E19AC3F8182566F700349426 /* CryptoKeyMac.cpp */; };
 		E19DA29C18189ADD00088BC8 /* CryptoAlgorithmHmacKeyParamsDeprecated.h in Headers */ = {isa = PBXBuildFile; fileRef = E19DA29B18189ADD00088BC8 /* CryptoAlgorithmHmacKeyParamsDeprecated.h */; };
 		E1A1470811102B1500EEC0F3 /* ContainerNodeAlgorithms.h in Headers */ = {isa = PBXBuildFile; fileRef = E1A1470711102B1500EEC0F3 /* ContainerNodeAlgorithms.h */; };
 		E1A3162D134BC32D007C9A4F /* WebNSAttributedStringExtras.h in Headers */ = {isa = PBXBuildFile; fileRef = E1A3162B134BC32D007C9A4F /* WebNSAttributedStringExtras.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -14973,7 +14972,6 @@
 		E19AC3EC1824DC7900349426 /* CryptoAlgorithmSHA512.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CryptoAlgorithmSHA512.cpp; sourceTree = "<group>"; };
 		E19AC3ED1824DC7900349426 /* CryptoAlgorithmSHA512.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptoAlgorithmSHA512.h; sourceTree = "<group>"; };
 		E19AC3F61824E5D100349426 /* CryptoAlgorithmAesKeyGenParamsDeprecated.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptoAlgorithmAesKeyGenParamsDeprecated.h; sourceTree = "<group>"; };
-		E19AC3F8182566F700349426 /* CryptoKeyMac.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CryptoKeyMac.cpp; sourceTree = "<group>"; };
 		E19DA29B18189ADD00088BC8 /* CryptoAlgorithmHmacKeyParamsDeprecated.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptoAlgorithmHmacKeyParamsDeprecated.h; sourceTree = "<group>"; };
 		E1A1470711102B1500EEC0F3 /* ContainerNodeAlgorithms.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ContainerNodeAlgorithms.h; sourceTree = "<group>"; };
 		E1A3162B134BC32D007C9A4F /* WebNSAttributedStringExtras.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebNSAttributedStringExtras.h; sourceTree = "<group>"; };
@@ -24237,7 +24235,6 @@
 				E1233F0E185A4130008DFAF5 /* CryptoAlgorithmRSAES_PKCS1_v1_5Mac.cpp */,
 				E1C266D618317AB4003F8B33 /* CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp */,
 				5750A97A1E69161600705C4A /* CryptoKeyECMac.cpp */,
-				E19AC3F8182566F700349426 /* CryptoKeyMac.cpp */,
 				E164FAA418315E1A00DB4E61 /* CryptoKeyRSAMac.cpp */,
 				E18DF33618AAF14D00773E59 /* SerializedCryptoKeyWrapMac.mm */,
 			);
@@ -30568,7 +30565,6 @@
 				5750A9741E68D00000705C4A /* CryptoKeyEC.cpp in Sources */,
 				5750A97B1E69161600705C4A /* CryptoKeyECMac.cpp in Sources */,
 				E125F8351822F18A00D84CD9 /* CryptoKeyHMAC.cpp in Sources */,
-				E19AC3F9182566F700349426 /* CryptoKeyMac.cpp in Sources */,
 				57E657E01E71397800F941CA /* CryptoKeyRaw.cpp in Sources */,
 				57E2336B1DCC262400F28D01 /* CryptoKeyRSA.cpp in Sources */,
 				E164FAA518315E1A00DB4E61 /* CryptoKeyRSAMac.cpp in Sources */,

Modified: trunk/Source/WebCore/crypto/CryptoKey.cpp (214328 => 214329)


--- trunk/Source/WebCore/crypto/CryptoKey.cpp	2017-03-24 00:07:17 UTC (rev 214328)
+++ trunk/Source/WebCore/crypto/CryptoKey.cpp	2017-03-24 01:36:06 UTC (rev 214329)
@@ -68,7 +68,6 @@
     return result;
 }
 
-#if !OS(DARWIN) || PLATFORM(GTK)
 Vector<uint8_t> CryptoKey::randomData(size_t size)
 {
     Vector<uint8_t> result(size);
@@ -75,7 +74,6 @@
     cryptographicallyRandomValues(result.data(), result.size());
     return result;
 }
-#endif
 
 } // namespace WebCore
 

Deleted: trunk/Source/WebCore/crypto/mac/CryptoKeyMac.cpp (214328 => 214329)


--- trunk/Source/WebCore/crypto/mac/CryptoKeyMac.cpp	2017-03-24 00:07:17 UTC (rev 214328)
+++ trunk/Source/WebCore/crypto/mac/CryptoKeyMac.cpp	2017-03-24 01:36:06 UTC (rev 214329)
@@ -1,45 +0,0 @@
-/*
- * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "CryptoKey.h"
-
-#if ENABLE(SUBTLE_CRYPTO)
-
-#include "CommonCryptoUtilities.h"
-
-namespace WebCore {
-
-Vector<uint8_t> CryptoKey::randomData(size_t size)
-{
-    Vector<uint8_t> result(size);
-    int rc = CCRandomCopyBytes(kCCRandomDefault, result.data(), result.size());
-    RELEASE_ASSERT(rc == kCCSuccess);
-    return result;
-}
-
-} // namespace WebCore
-
-#endif // ENABLE(SUBTLE_CRYPTO)

Modified: trunk/Source/WebCore/page/Crypto.cpp (214328 => 214329)


--- trunk/Source/WebCore/page/Crypto.cpp	2017-03-24 00:07:17 UTC (rev 214328)
+++ trunk/Source/WebCore/page/Crypto.cpp	2017-03-24 01:36:06 UTC (rev 214329)
@@ -31,9 +31,6 @@
 #include "config.h"
 #include "Crypto.h"
 
-#if OS(DARWIN)
-#include "CommonCryptoUtilities.h"
-#endif
 #include "Document.h"
 #include "ExceptionCode.h"
 #include "SubtleCrypto.h"
@@ -61,12 +58,7 @@
         return Exception { TYPE_MISMATCH_ERR };
     if (array.byteLength() > 65536)
         return Exception { QUOTA_EXCEEDED_ERR };
-#if OS(DARWIN)
-    int rc = CCRandomCopyBytes(kCCRandomDefault, array.baseAddress(), array.byteLength());
-    RELEASE_ASSERT(rc == kCCSuccess);
-#else
     cryptographicallyRandomValues(array.baseAddress(), array.byteLength());
-#endif
     return { };
 }
 