Diff
Modified: trunk/Source/WTF/ChangeLog (214361 => 214362)
--- trunk/Source/WTF/ChangeLog 2017-03-24 18:41:42 UTC (rev 214361)
+++ trunk/Source/WTF/ChangeLog 2017-03-24 18:56:57 UTC (rev 214362)
@@ -1,3 +1,15 @@
+2017-03-24 Chris Dumez <[email protected]>
+
+ Unreviewed, rolling out r214329.
+
+ Significantly regressed Speedometer
+
+ Reverted changeset:
+
+ "window.crypto.getRandomValues() uses the insecure RC4 RNG"
+ https://bugs.webkit.org/show_bug.cgi?id=169623
+ http://trac.webkit.org/changeset/214329
+
2017-03-24 Andreas Kling <[email protected]>
Make inactive web processes behave as though under memory pressure.
Modified: trunk/Source/WTF/wtf/CryptographicallyRandomNumber.cpp (214361 => 214362)
--- trunk/Source/WTF/wtf/CryptographicallyRandomNumber.cpp 2017-03-24 18:41:42 UTC (rev 214361)
+++ trunk/Source/WTF/wtf/CryptographicallyRandomNumber.cpp 2017-03-24 18:56:57 UTC (rev 214362)
@@ -1,46 +1,179 @@
/*
- * Copyright (C) 2017 Igalia S.L.
+ * Copyright (c) 1996, David Mazieres <[email protected]>
+ * Copyright (c) 2008, Damien Miller <[email protected]>
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
*
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+/*
+ * Arc4 random number generator for OpenBSD.
+ *
+ * This code is derived from section 17.1 of Applied Cryptography,
+ * second edition, which describes a stream cipher allegedly
+ * compatible with RSA Labs "RC4" cipher (the actual description of
+ * which is a trade secret). The same algorithm is used as a stream
+ * cipher called "arcfour" in Tatu Ylonen's ssh package.
+ *
+ * RC4 is a registered trademark of RSA Laboratories.
+ */
+
#include "config.h"
#include "CryptographicallyRandomNumber.h"
+#include "NeverDestroyed.h"
#include "OSRandomSource.h"
+#include <mutex>
+#include <wtf/Lock.h>
namespace WTF {
+namespace {
+
+class ARC4Stream {
+public:
+ ARC4Stream();
+
+ uint8_t i;
+ uint8_t j;
+ uint8_t s[256];
+};
+
+class ARC4RandomNumberGenerator {
+ WTF_MAKE_FAST_ALLOCATED;
+public:
+ ARC4RandomNumberGenerator();
+
+ uint32_t randomNumber();
+ void randomValues(void* buffer, size_t length);
+
+private:
+ inline void addRandomData(unsigned char *data, int length);
+ void stir();
+ void stirIfNeeded();
+ inline uint8_t getByte();
+ inline uint32_t getWord();
+
+ ARC4Stream m_stream;
+ int m_count;
+ Lock m_mutex;
+};
+
+ARC4Stream::ARC4Stream()
+{
+ for (int n = 0; n < 256; n++)
+ s[n] = n;
+ i = 0;
+ j = 0;
+}
+
+ARC4RandomNumberGenerator::ARC4RandomNumberGenerator()
+ : m_count(0)
+{
+}
+
+void ARC4RandomNumberGenerator::addRandomData(unsigned char* data, int length)
+{
+ m_stream.i--;
+ for (int n = 0; n < 256; n++) {
+ m_stream.i++;
+ uint8_t si = m_stream.s[m_stream.i];
+ m_stream.j += si + data[n % length];
+ m_stream.s[m_stream.i] = m_stream.s[m_stream.j];
+ m_stream.s[m_stream.j] = si;
+ }
+ m_stream.j = m_stream.i;
+}
+
+void ARC4RandomNumberGenerator::stir()
+{
+ unsigned char randomness[128];
+ size_t length = sizeof(randomness);
+ cryptographicallyRandomValuesFromOS(randomness, length);
+ addRandomData(randomness, length);
+
+ // Discard early keystream, as per recommendations in:
+ // http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
+ for (int i = 0; i < 256; i++)
+ getByte();
+ m_count = 1600000;
+}
+
+void ARC4RandomNumberGenerator::stirIfNeeded()
+{
+ if (m_count <= 0)
+ stir();
+}
+
+uint8_t ARC4RandomNumberGenerator::getByte()
+{
+ m_stream.i++;
+ uint8_t si = m_stream.s[m_stream.i];
+ m_stream.j += si;
+ uint8_t sj = m_stream.s[m_stream.j];
+ m_stream.s[m_stream.i] = sj;
+ m_stream.s[m_stream.j] = si;
+ return (m_stream.s[(si + sj) & 0xff]);
+}
+
+uint32_t ARC4RandomNumberGenerator::getWord()
+{
+ uint32_t val;
+ val = getByte() << 24;
+ val |= getByte() << 16;
+ val |= getByte() << 8;
+ val |= getByte();
+ return val;
+}
+
+uint32_t ARC4RandomNumberGenerator::randomNumber()
+{
+ std::lock_guard<Lock> lock(m_mutex);
+
+ m_count -= 4;
+ stirIfNeeded();
+ return getWord();
+}
+
+void ARC4RandomNumberGenerator::randomValues(void* buffer, size_t length)
+{
+ std::lock_guard<Lock> lock(m_mutex);
+
+ unsigned char* result = reinterpret_cast<unsigned char*>(buffer);
+ stirIfNeeded();
+ while (length--) {
+ m_count--;
+ stirIfNeeded();
+ result[length] = getByte();
+ }
+}
+
+ARC4RandomNumberGenerator& sharedRandomNumberGenerator()
+{
+ static NeverDestroyed<ARC4RandomNumberGenerator> randomNumberGenerator;
+
+ return randomNumberGenerator;
+}
+
+}
+
uint32_t cryptographicallyRandomNumber()
{
- uint32_t result;
- cryptographicallyRandomValues(&result, sizeof(result));
- return result;
+ return sharedRandomNumberGenerator().randomNumber();
}
-// FIXME: It is slow to always get the values directly from the OS.
void cryptographicallyRandomValues(void* buffer, size_t length)
{
- cryptographicallyRandomValuesFromOS(static_cast<unsigned char*>(buffer), length);
+ sharedRandomNumberGenerator().randomValues(buffer, length);
}
}
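Review bot: With this rollout every caller of cryptographicallyRandomValues() again receives raw RC4 keystream from ARC4RandomNumberGenerator, reseeded from the OS only when m_count (set to 1600000 in stir()) runs out. That includes the secret-bearing paths that still call it: the non-Darwin CryptoKey::randomData() in CryptoKey.cpp and the `#else` branch of getRandomValues in Crypto.cpp. Since the stated reason for the rollout is a Speedometer regression, those two call sites could read the OS source directly, e.g. `cryptographicallyRandomValuesFromOS(result.data(), result.size());`, leaving the buffered generator for callers that do not produce key material; this assumes OSRandomSource.h is usable from WebCore, which the diff does not show. At minimum the removed FIXME should be replaced rather than dropped, e.g. `// FIXME: RC4 output is biased; replace with an OS-seeded CSPRNG, see https://bugs.webkit.org/show_bug.cgi?id=169623`. Separately, in getWord() `getByte() << 24` shifts a value promoted to int, so bytes of 0x80 and above overflow signed int; `static_cast<uint32_t>(getByte()) << 24` avoids that.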
Modified: trunk/Source/WebCore/ChangeLog (214361 => 214362)
--- trunk/Source/WebCore/ChangeLog 2017-03-24 18:41:42 UTC (rev 214361)
+++ trunk/Source/WebCore/ChangeLog 2017-03-24 18:56:57 UTC (rev 214362)
@@ -1,3 +1,15 @@
+2017-03-24 Chris Dumez <[email protected]>
+
+ Unreviewed, rolling out r214329.
+
+ Significantly regressed Speedometer
+
+ Reverted changeset:
+
+ "window.crypto.getRandomValues() uses the insecure RC4 RNG"
+ https://bugs.webkit.org/show_bug.cgi?id=169623
+ http://trac.webkit.org/changeset/214329
+
2017-03-24 Yoav Weiss <[email protected]>
Add a warning for unused link preloads.
Modified: trunk/Source/WebCore/PlatformMac.cmake (214361 => 214362)
--- trunk/Source/WebCore/PlatformMac.cmake 2017-03-24 18:41:42 UTC (rev 214361)
+++ trunk/Source/WebCore/PlatformMac.cmake 2017-03-24 18:56:57 UTC (rev 214362)
@@ -218,6 +218,7 @@
crypto/mac/CryptoAlgorithmRSA_OAEPMac.cpp
crypto/mac/CryptoAlgorithmRegistryMac.cpp
crypto/mac/CryptoKeyECMac.cpp
+ crypto/mac/CryptoKeyMac.cpp
crypto/mac/CryptoKeyRSAMac.cpp
crypto/mac/SerializedCryptoKeyWrapMac.mm
Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (214361 => 214362)
--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2017-03-24 18:41:42 UTC (rev 214361)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2017-03-24 18:56:57 UTC (rev 214362)
@@ -6514,6 +6514,7 @@
E19AC3F41824DC7900349426 /* CryptoAlgorithmSHA512.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E19AC3EC1824DC7900349426 /* CryptoAlgorithmSHA512.cpp */; };
E19AC3F51824DC7900349426 /* CryptoAlgorithmSHA512.h in Headers */ = {isa = PBXBuildFile; fileRef = E19AC3ED1824DC7900349426 /* CryptoAlgorithmSHA512.h */; };
E19AC3F71824E5D100349426 /* CryptoAlgorithmAesKeyGenParamsDeprecated.h in Headers */ = {isa = PBXBuildFile; fileRef = E19AC3F61824E5D100349426 /* CryptoAlgorithmAesKeyGenParamsDeprecated.h */; };
+ E19AC3F9182566F700349426 /* CryptoKeyMac.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E19AC3F8182566F700349426 /* CryptoKeyMac.cpp */; };
E19DA29C18189ADD00088BC8 /* CryptoAlgorithmHmacKeyParamsDeprecated.h in Headers */ = {isa = PBXBuildFile; fileRef = E19DA29B18189ADD00088BC8 /* CryptoAlgorithmHmacKeyParamsDeprecated.h */; };
E1A1470811102B1500EEC0F3 /* ContainerNodeAlgorithms.h in Headers */ = {isa = PBXBuildFile; fileRef = E1A1470711102B1500EEC0F3 /* ContainerNodeAlgorithms.h */; };
E1A3162D134BC32D007C9A4F /* WebNSAttributedStringExtras.h in Headers */ = {isa = PBXBuildFile; fileRef = E1A3162B134BC32D007C9A4F /* WebNSAttributedStringExtras.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -14980,6 +14981,7 @@
E19AC3EC1824DC7900349426 /* CryptoAlgorithmSHA512.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CryptoAlgorithmSHA512.cpp; sourceTree = "<group>"; };
E19AC3ED1824DC7900349426 /* CryptoAlgorithmSHA512.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptoAlgorithmSHA512.h; sourceTree = "<group>"; };
E19AC3F61824E5D100349426 /* CryptoAlgorithmAesKeyGenParamsDeprecated.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptoAlgorithmAesKeyGenParamsDeprecated.h; sourceTree = "<group>"; };
+ E19AC3F8182566F700349426 /* CryptoKeyMac.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CryptoKeyMac.cpp; sourceTree = "<group>"; };
E19DA29B18189ADD00088BC8 /* CryptoAlgorithmHmacKeyParamsDeprecated.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptoAlgorithmHmacKeyParamsDeprecated.h; sourceTree = "<group>"; };
E1A1470711102B1500EEC0F3 /* ContainerNodeAlgorithms.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ContainerNodeAlgorithms.h; sourceTree = "<group>"; };
E1A3162B134BC32D007C9A4F /* WebNSAttributedStringExtras.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebNSAttributedStringExtras.h; sourceTree = "<group>"; };
@@ -24243,6 +24245,7 @@
E1233F0E185A4130008DFAF5 /* CryptoAlgorithmRSAES_PKCS1_v1_5Mac.cpp */,
E1C266D618317AB4003F8B33 /* CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp */,
5750A97A1E69161600705C4A /* CryptoKeyECMac.cpp */,
+ E19AC3F8182566F700349426 /* CryptoKeyMac.cpp */,
E164FAA418315E1A00DB4E61 /* CryptoKeyRSAMac.cpp */,
E18DF33618AAF14D00773E59 /* SerializedCryptoKeyWrapMac.mm */,
);
@@ -30579,6 +30582,7 @@
5750A9741E68D00000705C4A /* CryptoKeyEC.cpp in Sources */,
5750A97B1E69161600705C4A /* CryptoKeyECMac.cpp in Sources */,
E125F8351822F18A00D84CD9 /* CryptoKeyHMAC.cpp in Sources */,
+ E19AC3F9182566F700349426 /* CryptoKeyMac.cpp in Sources */,
57E657E01E71397800F941CA /* CryptoKeyRaw.cpp in Sources */,
57E2336B1DCC262400F28D01 /* CryptoKeyRSA.cpp in Sources */,
E164FAA518315E1A00DB4E61 /* CryptoKeyRSAMac.cpp in Sources */,
Modified: trunk/Source/WebCore/crypto/CryptoKey.cpp (214361 => 214362)
--- trunk/Source/WebCore/crypto/CryptoKey.cpp 2017-03-24 18:41:42 UTC (rev 214361)
+++ trunk/Source/WebCore/crypto/CryptoKey.cpp 2017-03-24 18:56:57 UTC (rev 214362)
@@ -68,6 +68,7 @@
return result;
}
+#if !OS(DARWIN) || PLATFORM(GTK)
Vector<uint8_t> CryptoKey::randomData(size_t size)
{
Vector<uint8_t> result(size);
@@ -74,6 +75,7 @@
cryptographicallyRandomValues(result.data(), result.size());
return result;
}
+#endif
} // namespace WebCore
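Review bot: The new `#if !OS(DARWIN) || PLATFORM(GTK)` guard around CryptoKey::randomData() has no comment saying where the excluded platforms get their definition, and the matching `#endif` in this hunk is bare. A reader has to find crypto/mac/CryptoKeyMac.cpp through the build files, and the guard must stay in step with PlatformMac.cmake and the Xcode project or the symbol ends up defined twice or not at all. I would add `// Darwin ports other than GTK define this in crypto/mac/CryptoKeyMac.cpp.` above the guard and close it with `#endif // !OS(DARWIN) || PLATFORM(GTK)`. The function body straddles this hunk and the previous one.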
Copied: trunk/Source/WebCore/crypto/mac/CryptoKeyMac.cpp (from rev 214361, trunk/Source/WTF/wtf/CryptographicallyRandomNumber.cpp) (0 => 214362)
--- trunk/Source/WebCore/crypto/mac/CryptoKeyMac.cpp (rev 0)
+++ trunk/Source/WebCore/crypto/mac/CryptoKeyMac.cpp 2017-03-24 18:56:57 UTC (rev 214362)
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "CryptoKey.h"
+
+#if ENABLE(SUBTLE_CRYPTO)
+
+#include "CommonCryptoUtilities.h"
+
+namespace WebCore {
+
+Vector<uint8_t> CryptoKey::randomData(size_t size)
+{
+ Vector<uint8_t> result(size);
+ int rc = CCRandomCopyBytes(kCCRandomDefault, result.data(), result.size());
+ RELEASE_ASSERT(rc == kCCSuccess);
+ return result;
+}
+
+} // namespace WebCore
+
+#endif // ENABLE(SUBTLE_CRYPTO)
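Review bot: The `CCRandomCopyBytes(kCCRandomDefault, ...)` call and its `RELEASE_ASSERT(rc == kCCSuccess)` are written out here and again in the `#if OS(DARWIN)` branch of getRandomValues in Crypto.cpp, so the fail-closed handling lives in two places that can drift apart. A small shared helper next to the other CommonCrypto wrappers would keep it in one spot; CommonCryptoUtilities.h is not shown in the diff, so whether it is the right home is a guess. Either way the assert deserves a why-comment such as `// Crash rather than hand back a buffer the system RNG did not fill.`, so that nobody later weakens it to a debug-only ASSERT.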
Modified: trunk/Source/WebCore/page/Crypto.cpp (214361 => 214362)
--- trunk/Source/WebCore/page/Crypto.cpp 2017-03-24 18:41:42 UTC (rev 214361)
+++ trunk/Source/WebCore/page/Crypto.cpp 2017-03-24 18:56:57 UTC (rev 214362)
@@ -31,6 +31,9 @@
#include "config.h"
#include "Crypto.h"
+#if OS(DARWIN)
+#include "CommonCryptoUtilities.h"
+#endif
#include "Document.h"
#include "ExceptionCode.h"
#include "SubtleCrypto.h"
@@ -58,7 +61,12 @@
return Exception { TYPE_MISMATCH_ERR };
if (array.byteLength() > 65536)
return Exception { QUOTA_EXCEEDED_ERR };
+#if OS(DARWIN)
+ int rc = CCRandomCopyBytes(kCCRandomDefault, array.baseAddress(), array.byteLength());
+ RELEASE_ASSERT(rc == kCCSuccess);
+#else
cryptographicallyRandomValues(array.baseAddress(), array.byteLength());
+#endif
return { };
}