RESOLVED FIXED Bug 239735
[libpas] Implement secure random numbers 
https://bugs.webkit.org/show_bug.cgi?id=239735
Summary [libpas] Implement secure random numbers
Brandon
Reported 2022-04-25 11:29:19 PDT
We currently have a cheesy random and secure random, which use the same implementation for generating random numbers. (We are going to ignore the mock testing code here). This patch introduces a fast random and secure random. The fast random maintains the same properties as the previous implementation, while secure random will use the cryptographically secure arc4random_uniform to give better randomness. arc4random() can be quite an expensive operation and based on discussing with Yusuke he found heavy performance penalties when using this in JSC. Our secure random shall only be used in cases where true randomness is needed. We have 2 spots where we currently use secure random we shall just migrate those over to using fast random.
Attachments
Add attachment proposed patch, testcase, etc.
Geoffrey Garen
Comment 1 2022-04-25 11:45:45 PDT
Can we re-use WTF::WeakRandom for this (or reuse the alogrithm)?
Brandon
Comment 2 2022-04-25 11:54:07 PDT
Pull request: https://github.com/WebKit/WebKit/pull/379
Brandon
Comment 3 2022-04-25 14:16:25 PDT
(In reply to Geoffrey Garen from comment #1) > Can we re-use WTF::WeakRandom for this (or reuse the alogrithm)? We could probably reimplement the WeakRandom algorithm to replace the fast generator (just took a brief look at the code). The main goal of this patch was to separate the fast and secure random generator, and provide a suitable secure random generator. Replacing the fast random generator can be further investigated in a future patch.
Geoffrey Garen
Comment 4 2022-04-25 14:49:03 PDT
OK, got it!
EWS
Comment 5 2022-04-27 10:31:10 PDT
Committed r293518 (250049@main): <https://commits.webkit.org/250049@main> Reviewed commits have been landed. Closing PR #379 and removing active labels.
Radar WebKit Bug Importer
Comment 6 2022-04-27 10:32:14 PDT
<rdar://problem/92406887>
Note You need to log in before you can comment on or make changes to this bug.