LibTLS: Use Crypto::fill_with_secure_random instead of PRNG

Author: https://github.com/rmg-x Commit: e222ccf028 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/2996 Reviewed-by: https://github.com/ADKaster
2025-08-06 16:19:23 +00:00 · 2024-12-20 10:33:43 -06:00 · 2024-12-20 10:33:43 -06:00 · e222ccf028 · 2024-12-24 16:56:03 +00:00
commit e222ccf028
parent f55f507e56
3 changed files with 7 additions and 4 deletions
--- a/Libraries/LibTLS/Record.cpp
+++ b/Libraries/LibTLS/Record.cpp
@ -10,6 +10,7 @@
 #include <AK/Random.h>
 #include <LibCore/EventLoop.h>
 #include <LibCore/Timer.h>
+#include <LibCrypto/SecureRandom.h>
 #include <LibTLS/TLSv12.h>

 namespace TLS {
@ -157,7 +158,7 @@ void TLSv12::update_packet(ByteBuffer& packet)
                        u8 iv[12];
                        Bytes iv_bytes { iv, 12 };
                        Bytes { m_context.crypto.local_aead_iv, 4 }.copy_to(iv_bytes);
-                        fill_with_random(iv_bytes.slice(4, 8));
+                        Crypto::fill_with_secure_random(iv_bytes.slice(4, 8));

                        // write the random part of the iv out
                        iv_bytes.slice(4, 8).copy_to(ct.bytes().slice(header_size));
@ -204,7 +205,7 @@ void TLSv12::update_packet(ByteBuffer& packet)
                            VERIFY_NOT_REACHED();
                        }
                        auto iv = iv_buffer_result.release_value();
-                        fill_with_random(iv);
+                        Crypto::fill_with_secure_random(iv);

                        // write it into the ciphertext portion of the message
                        ct.overwrite(header_size, iv.data(), iv.size());