LibTLS: Use Crypto::fill_with_secure_random instead of PRNG

Author: https://github.com/rmg-x Commit: https://github.com/LadybirdBrowser/ladybird/commit/e222ccf028b Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/2996 Reviewed-by: https://github.com/ADKaster
2025-04-20 11:36:10 +00:00 · 2024-12-20 10:33:43 -06:00 · 2024-12-20 10:33:43 -06:00 · e222ccf028 · 2024-12-24 16:56:03 +00:00
commit e222ccf028
parent f55f507e56
3 changed files with 7 additions and 4 deletions
--- a/Libraries/LibTLS/Handshake.cpp
+++ b/Libraries/LibTLS/Handshake.cpp
@ -11,13 +11,14 @@

 #include <LibCore/Timer.h>
 #include <LibCrypto/ASN1/DER.h>
+#include <LibCrypto/SecureRandom.h>
 #include <LibTLS/TLSv12.h>

 namespace TLS {

 ByteBuffer TLSv12::build_hello()
 {
-    fill_with_random(m_context.local_random);
+    ::Crypto::fill_with_secure_random(m_context.local_random);

    auto packet_version = (u16)m_context.options.version;
    auto version = (u16)m_context.options.version;
--- a/Libraries/LibTLS/HandshakeClient.cpp
+++ b/Libraries/LibTLS/HandshakeClient.cpp
@ -11,6 +11,7 @@
 #include <LibCrypto/ASN1/DER.h>
 #include <LibCrypto/BigInt/UnsignedBigInteger.h>
 #include <LibCrypto/NumberTheory/ModularFunctions.h>
+#include <LibCrypto/SecureRandom.h>
 #include <LibTLS/TLSv12.h>

 namespace TLS {
@ -160,7 +161,7 @@ void TLSv12::build_rsa_pre_master_secret(PacketBuilder& builder)
    u8 random_bytes[48];
    size_t bytes = 48;

-    fill_with_random(random_bytes);
+    Crypto::fill_with_secure_random(random_bytes);

    // remove zeros from the random bytes
    for (size_t i = 0; i < bytes; ++i) {
--- a/Libraries/LibTLS/Record.cpp
+++ b/Libraries/LibTLS/Record.cpp
@ -10,6 +10,7 @@
 #include <AK/Random.h>
 #include <LibCore/EventLoop.h>
 #include <LibCore/Timer.h>
+#include <LibCrypto/SecureRandom.h>
 #include <LibTLS/TLSv12.h>

 namespace TLS {
@ -157,7 +158,7 @@ void TLSv12::update_packet(ByteBuffer& packet)
                        u8 iv[12];
                        Bytes iv_bytes { iv, 12 };
                        Bytes { m_context.crypto.local_aead_iv, 4 }.copy_to(iv_bytes);
-                        fill_with_random(iv_bytes.slice(4, 8));
+                        Crypto::fill_with_secure_random(iv_bytes.slice(4, 8));

                        // write the random part of the iv out
                        iv_bytes.slice(4, 8).copy_to(ct.bytes().slice(header_size));
@ -204,7 +205,7 @@ void TLSv12::update_packet(ByteBuffer& packet)
                            VERIFY_NOT_REACHED();
                        }
                        auto iv = iv_buffer_result.release_value();
-                        fill_with_random(iv);
+                        Crypto::fill_with_secure_random(iv);

                        // write it into the ciphertext portion of the message
                        ct.overwrite(header_size, iv.data(), iv.size());