From ceb7f5f017b8bccc120672457573eea3e187ccc8 Mon Sep 17 00:00:00 2001
From: rmg-x <git@rmgx.io>
Date: Fri, 20 Dec 2024 10:34:14 -0600
Subject: [PATCH] LibWeb: Use `Crypto::fill_with_secure_random` instead of PRNG

---
 Libraries/LibWeb/Crypto/Crypto.cpp           | 5 +++--
 Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/Libraries/LibWeb/Crypto/Crypto.cpp b/Libraries/LibWeb/Crypto/Crypto.cpp
index 24740bb3765..ee73298152e 100644
--- a/Libraries/LibWeb/Crypto/Crypto.cpp
+++ b/Libraries/LibWeb/Crypto/Crypto.cpp
@@ -7,6 +7,7 @@
 
 #include <AK/Random.h>
 #include <AK/StringBuilder.h>
+#include <LibCrypto/SecureRandom.h>
 #include <LibJS/Runtime/TypedArray.h>
 #include <LibWeb/Bindings/CryptoPrototype.h>
 #include <LibWeb/Bindings/ExceptionOrUtils.h>
@@ -67,7 +68,7 @@ WebIDL::ExceptionOr<GC::Root<WebIDL::ArrayBufferView>> Crypto::get_random_values
     // FIXME: Handle SharedArrayBuffers
 
     // 3. Overwrite all elements of array with cryptographically strong random values of the appropriate type.
-    fill_with_random(array->viewed_array_buffer()->buffer().bytes().slice(array->byte_offset(), array->byte_length()));
+    ::Crypto::fill_with_secure_random(array->viewed_array_buffer()->buffer().bytes().slice(array->byte_offset(), array->byte_length()));
 
     // 4. Return array.
     return array;
@@ -94,7 +95,7 @@ ErrorOr<String> generate_random_uuid()
     u8 bytes[16];
 
     // 2. Fill bytes with cryptographically secure random bytes.
-    fill_with_random(bytes);
+    ::Crypto::fill_with_secure_random(bytes);
 
     // 3. Set the 4 most significant bits of bytes[6], which represent the UUID version, to 0100.
     bytes[6] &= ~(1 << 7);
diff --git a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp
index 82673143cd4..eb7fb20073c 100644
--- a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp
+++ b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp
@@ -29,6 +29,7 @@
 #include <LibCrypto/Hash/SHA2.h>
 #include <LibCrypto/PK/RSA.h>
 #include <LibCrypto/Padding/OAEP.h>
+#include <LibCrypto/SecureRandom.h>
 #include <LibJS/Runtime/Array.h>
 #include <LibJS/Runtime/ArrayBuffer.h>
 #include <LibJS/Runtime/DataView.h>
@@ -323,8 +324,7 @@ static WebIDL::ExceptionOr<void> validate_jwk_key_ops(JS::Realm& realm, Bindings
 static WebIDL::ExceptionOr<ByteBuffer> generate_random_key(JS::VM& vm, u16 const size_in_bits)
 {
     auto key_buffer = TRY_OR_THROW_OOM(vm, ByteBuffer::create_uninitialized(size_in_bits / 8));
-    // FIXME: Use a cryptographically secure random generator
-    fill_with_random(key_buffer);
+    ::Crypto::fill_with_secure_random(key_buffer);
     return key_buffer;
 }