Changeset 219119 in webkit

Timestamp:

Jul 4, 2017, 10:43:18 AM (8 years ago)

Author:

Yusuke Suzuki

Message:

[WTF] Initialize srandom and srand with cryptographically random number
​https://bugs.webkit.org/show_bug.cgi?id=174123

Reviewed by Mark Lam.

Use cryptographically random number instead of current time as a seed.

• wtf/RandomNumberSeed.h:

(WTF::initializeRandomNumberGenerator):

Location:

trunk/Source/WTF

Files:

• ChangeLog (modified) (1 diff)
• wtf/RandomNumberSeed.h (modified) (2 diffs)

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2017-07-04  Yusuke Suzuki  <utatane.tea@gmail.com>
+
+        [WTF] Initialize srandom and srand with cryptographically random number
+        https://bugs.webkit.org/show_bug.cgi?id=174123
+
+        Reviewed by Mark Lam.
+
+        Use cryptographically random number instead of current time as a seed.
+
+        * wtf/RandomNumberSeed.h:
+        (WTF::initializeRandomNumberGenerator):
+
 2017-07-04  Joseph Pecoraro  <pecoraro@apple.com>
 

trunk/Source/WTF/wtf/RandomNumberSeed.h

@@ -29 +29 @@
 #include <stdlib.h>
 #include <time.h>
+#include <wtf/CryptographicallyRandomNumber.h>
 
 #if HAVE(SYS_TIME_H)
@@ -48 +49 @@
     // On Windows we use rand_s which initialises itself
 #elif OS(UNIX)
-    // srandomdev is not guaranteed to exist on linux so we use this poor seed, this should be improved
-    timeval time;
-    gettimeofday(&time, 0);
-    srandom(static_cast<unsigned>(time.tv_usec * getpid()));
+    srandom(cryptographicallyRandomNumber());
 #else
-    srand(static_cast<unsigned>(time(0)));
+    srand(cryptographicallyRandomNumber());
 #endif