Remove blink's use of RC4 for random value generation.

third_party/WebKit/Source/wtf/CryptographicallyRandomNumber.cpp

Index: third_party/WebKit/Source/wtf/CryptographicallyRandomNumber.cpp
diff --git a/third_party/WebKit/Source/wtf/CryptographicallyRandomNumber.cpp b/third_party/WebKit/Source/wtf/CryptographicallyRandomNumber.cpp
index 227a806eaa9ce1c8ce1332c8381db5fc7e3168ee..a24cc3732dcaa3cc3785ba36aa9347cd01f13122 100644
--- a/third_party/WebKit/Source/wtf/CryptographicallyRandomNumber.cpp
+++ b/third_party/WebKit/Source/wtf/CryptographicallyRandomNumber.cpp
@@ -15,24 +15,10 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/*
- * Arc4 random number generator for OpenBSD.
- *
- * This code is derived from section 17.1 of Applied Cryptography,
- * second edition, which describes a stream cipher allegedly
- * compatible with RSA Labs "RC4" cipher (the actual description of
- * which is a trade secret).  The same algorithm is used as a stream
- * cipher called "arcfour" in Tatu Ylonen's ssh package.
- *
- * RC4 is a registered trademark of RSA Laboratories.
- */
-
 #include "config.h"
 #include "wtf/CryptographicallyRandomNumber.h"
 
-#include "wtf/StdLibExtras.h"
-#include "wtf/Threading.h"
-#include "wtf/ThreadingPrimitives.h"
+#include <string.h> // For memcpy().

[davidben, 2015/11/10 01:13:21]

Nit: Unless this is the Blink style, I probably wouldn't bother with the
comment. We don't typically add random comments when you, e.g. include <utility>
for std::pair.

[eroman, 2015/11/10 02:02:42]

Done.

 
 namespace WTF {
 
@@ -43,143 +29,18 @@ void setRandomSource(RandomNumberSource source)
     sourceFunction = source;
 }
 
-namespace {
-
-class ARC4Stream {
-public:
-    ARC4Stream();
-
-    uint8_t i;
-    uint8_t j;
-    uint8_t s[256];
-};
-
-class ARC4RandomNumberGenerator {
-    USING_FAST_MALLOC(ARC4RandomNumberGenerator);
-public:
-    ARC4RandomNumberGenerator();
-
-    uint32_t randomNumber();
-    void randomValues(void* buffer, size_t length);
-
-private:
-    inline void addRandomData(unsigned char *data, int length);
-    void stir();
-    void stirIfNeeded();
-    inline uint8_t getByte();
-    inline uint32_t getWord();
-
-    ARC4Stream m_stream;
-    int m_count;
-    Mutex m_mutex;
-};
-
-ARC4Stream::ARC4Stream()
-{
-    for (int n = 0; n < 256; n++)
-        s[n] = static_cast<uint8_t>(n);
-    i = 0;
-    j = 0;
-}
-
-ARC4RandomNumberGenerator::ARC4RandomNumberGenerator()
-    : m_count(0)
-{
-}
-
-void ARC4RandomNumberGenerator::addRandomData(unsigned char* data, int length)
-{
-    m_stream.i--;
-    for (int n = 0; n < 256; n++) {
-        m_stream.i++;
-        uint8_t si = m_stream.s[m_stream.i];
-        m_stream.j += si + data[n % length];
-        m_stream.s[m_stream.i] = m_stream.s[m_stream.j];
-        m_stream.s[m_stream.j] = si;
-    }
-    m_stream.j = m_stream.i;
-}
-
-void ARC4RandomNumberGenerator::stir()
-{
-    unsigned char randomness[128];
-    size_t length = sizeof(randomness);
-    (*sourceFunction)(randomness, length);
-    addRandomData(randomness, length);
-
-    // Discard early keystream, as per recommendations in:
-    // http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
-    for (int i = 0; i < 256; i++)
-        getByte();
-    m_count = 1600000;
-}
-
-void ARC4RandomNumberGenerator::stirIfNeeded()
-{
-    if (m_count <= 0)
-        stir();
-}
-
-uint8_t ARC4RandomNumberGenerator::getByte()
-{
-    m_stream.i++;
-    uint8_t si = m_stream.s[m_stream.i];
-    m_stream.j += si;
-    uint8_t sj = m_stream.s[m_stream.j];
-    m_stream.s[m_stream.i] = sj;
-    m_stream.s[m_stream.j] = si;
-    return (m_stream.s[(si + sj) & 0xff]);
-}
-
-uint32_t ARC4RandomNumberGenerator::getWord()
-{
-    uint32_t val;
-    val = getByte() << 24;
-    val |= getByte() << 16;
-    val |= getByte() << 8;
-    val |= getByte();
-    return val;
-}
-
-uint32_t ARC4RandomNumberGenerator::randomNumber()
-{
-    MutexLocker locker(m_mutex);
-
-    m_count -= 4;
-    stirIfNeeded();
-    return getWord();
-}
-
-void ARC4RandomNumberGenerator::randomValues(void* buffer, size_t length)
-{
-    MutexLocker locker(m_mutex);
-
-    unsigned char* result = reinterpret_cast<unsigned char*>(buffer);
-    stirIfNeeded();
-    while (length--) {
-        m_count--;
-        stirIfNeeded();
-        result[length] = getByte();
-    }
-}
-
-ARC4RandomNumberGenerator& sharedRandomNumberGenerator()
-{
-    AtomicallyInitializedStaticReference(ARC4RandomNumberGenerator, randomNumberGenerator, new ARC4RandomNumberGenerator);
-    return randomNumberGenerator;
-}
-
-}
-
-
 uint32_t cryptographicallyRandomNumber()
 {
-    return sharedRandomNumberGenerator().randomNumber();
+    uint32_t result;
+    uint8_t bytes[sizeof(result)];
+    cryptographicallyRandomValues(bytes, sizeof(bytes));
+    memcpy(&result, bytes, sizeof(bytes));

[davidben, 2015/11/10 01:13:21]

I think this falls under the character type escape hatch of strict aliasing, so
you don't need the memcpy. But I'm no language-lawyer.

[eroman, 2015/11/10 02:02:43]

Done.

I don't fully understand the language either, but we certainly make that
assumption elsewhere [1]

[1]
https://code.google.com/p/chromium/codesearch#chromium/src/base/rand_util_win...

+    return result;
 }
 
 void cryptographicallyRandomValues(void* buffer, size_t length)
 {
-    sharedRandomNumberGenerator().randomValues(buffer, length);
+    (*sourceFunction)(reinterpret_cast<unsigned char*>(buffer), length);
 }
 
 }