Bug 239735

Summary: [libpas] Implement secure random numbers
Product: WebKit Reporter: Brandon <brandonstewart>
Component: bmallocAssignee: Brandon <brandonstewart>
Status: RESOLVED FIXED    
Severity: Normal CC: ggaren, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   

Description Brandon 2022-04-25 11:29:19 PDT 
We currently have a cheesy random and secure random, which use the same implementation for generating random numbers. (We are going to ignore the mock testing code here).

This patch introduces a fast random and secure random.

The fast random maintains the same properties as the previous implementation, while secure random will use the cryptographically secure arc4random_uniform to give better randomness.

arc4random() can be quite an expensive operation and based on discussing with Yusuke he found heavy performance penalties when using this in JSC.

Our secure random shall only be used in cases where true randomness is needed.

We have 2 spots where we currently use secure random we shall just migrate those over to using fast random.
Comment 1 Geoffrey Garen 2022-04-25 11:45:45 PDT 
Can we re-use WTF::WeakRandom for this (or reuse the alogrithm)?
Comment 2 Brandon 2022-04-25 11:54:07 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/379
Comment 3 Brandon 2022-04-25 14:16:25 PDT 
(In reply to Geoffrey Garen from comment #1)
> Can we re-use WTF::WeakRandom for this (or reuse the alogrithm)?

We could probably reimplement the WeakRandom algorithm to replace the fast generator (just took a brief look at the code).

The main goal of this patch was to separate the fast and secure random generator, and provide a suitable secure random generator.

Replacing the fast random generator can be further investigated in a future patch.
Comment 4 Geoffrey Garen 2022-04-25 14:49:03 PDT 
OK, got it!
Comment 5 EWS 2022-04-27 10:31:10 PDT 
Committed r293518 (250049@main): <https://commits.webkit.org/250049@main>

Reviewed commits have been landed. Closing PR #379 and removing active labels.
Comment 6 Radar WebKit Bug Importer 2022-04-27 10:32:14 PDT 
<rdar://problem/92406887>