Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in

Issue 1431233002: Remove blink's use of RC4 for random value generation. (Closed)

5 years, 3 months ago by eroman
5 years, 3 months ago
Nico, davidben
chromium-reviews,,,, jam,, blink-reviews,, Mikhail, jww
Base URL:
Target Ref:


Remove blink's use of RC4 for random value generation. This re-implements Blink's random number generator (wtf::cryptographicallyRandomValues) in terms of calling crypto::RandomBytes() directly, rather than using an ARC4 keystream that periodically stirs in system randomness. Reason: RC4 (ARC4) has known weaknesses and has already been disabled as an accepted TLS cipher for Chrome M48. It should not be used internally for generating random numbers in Blink. The way cryptographically random number generation worked in Blink prior to this patch is that wtf::cryptographicallyRandomValues() would generate random bytes using an ARC4 keystream. Every 1.6MB of generated data it would stir in randomness obtained via Platform::current()->cryptographicallyRandomValues(). The way it works after this patchset is that wtf::cryptographicallyRandomValues() directly calls Platform::current()->cryptographicallyRandomValues(), without layering on its own PRNG. The concrete implementation of Platform::cryptographicallyRandomValues() now calls crypto::RandBytes() [1], which provides good cryptographically secure random numbers by reading from hardware/system randomness sources. The consequences of this change are: * The fixed sequence of random numbers seen by certain tests will have changed. I haven't observed this to be a problem with any of the tests though. * The performance characteristics of cryptographicallyRandomValues() have changed, for the worse. Measured using a microbenchmark, window.crypto.getRandomValues() is almost 5x slower now. This is not all that surprising since RC4 was pretty fast, and was only mixing in system randomness every 1.6MB (my test generated 256MB). [1] Technically it is calling base::RandBytes(), but under the hood that calls crypto::RandBytes(). Will fix that dependency separately. BUG=552749 Committed: Cr-Commit-Position: refs/heads/master@{#358803}

Patch Set 1 #

Total comments: 4

Patch Set 2 : Address David's comments #

Patch Set 3 : Undo the base::RandBytes() --> crypto::RandBytes() change (moved to another CL) #

Total comments: 2

Patch Set 4 : Remove unused header #

Patch Set 5 : rebase and reparent branch to origin/master #

Unified diffs Side-by-side diffs Delta from patch set Stats (+4 lines, -147 lines) Patch
M third_party/WebKit/Source/wtf/CryptographicallyRandomNumber.cpp View 1 2 3 2 chunks +4 lines, -147 lines 0 comments Download


Total messages: 20 (9 generated)
@davidben: Please review the use of crypto::RandBytes(), and the performance conclusions of this change (5x ...
5 years, 3 months ago (2015-11-10 00:27:24 UTC) #2
lgtm. I don't think the perf hit is worth worrying about. If we do end ...
5 years, 3 months ago (2015-11-10 01:13:22 UTC) #3
Thanks! Note I have simplified this change so it is now just a single file ...
5 years, 3 months ago (2015-11-10 02:02:43 UTC) #5
lgtm File third_party/WebKit/Source/wtf/CryptographicallyRandomNumber.cpp (right): third_party/WebKit/Source/wtf/CryptographicallyRandomNumber.cpp:21: #include <string.h> No longer needed?
5 years, 3 months ago (2015-11-10 02:14:35 UTC) #6
eroman File third_party/WebKit/Source/wtf/CryptographicallyRandomNumber.cpp (right): third_party/WebKit/Source/wtf/CryptographicallyRandomNumber.cpp:21: #include <string.h> On 2015/11/10 02:14:35, davidben wrote: > No ...
5 years, 3 months ago (2015-11-10 02:17:54 UTC) #7
+thakis for OWNERS approval
5 years, 3 months ago (2015-11-10 02:26:20 UTC) #10
lgtm Also, getting a single random number is now two indirect hops. But if that ...
5 years, 3 months ago (2015-11-10 05:11:11 UTC) #11
commit-bot: I haz the power
This CL has an open dependency (Issue 1419293005 Patch 1). Please resolve the dependency and ...
5 years, 3 months ago (2015-11-10 06:05:43 UTC) #15
commit-bot: I haz the power
CQ is trying da patch. Follow status at View timeline at
5 years, 3 months ago (2015-11-10 06:10:46 UTC) #18
commit-bot: I haz the power
Committed patchset #5 (id:80001)
5 years, 3 months ago (2015-11-10 07:43:43 UTC) #19
commit-bot: I haz the power
5 years, 3 months ago (2015-11-10 07:44:39 UTC) #20
Message was sent while issue was closed.
Patchset 5 (id:??) landed as
Cr-Commit-Position: refs/heads/master@{#358803}

Powered by Google App Engine
This is Rietveld 408576698