LibWebSocket: Use Crypto::fill_with_secure_random instead of PRNG

rmg-x 2024-12-20 10:34:20 -06:00 committed by Ali Mohammad Pur
parent ceb7f5f017
commit f5d13e32af
Notes: github-actions[bot] 2024-12-24 16:55:48 +00:00


@ -8,6 +8,7 @@
#include <AK/Base64.h> #include <AK/Base64.h>
#include <AK/Random.h> #include <AK/Random.h>
#include <LibCrypto/Hash/HashManager.h> #include <LibCrypto/Hash/HashManager.h>
#include <LibCrypto/SecureRandom.h>
#include <LibWebSocket/Impl/WebSocketImplSerenity.h> #include <LibWebSocket/Impl/WebSocketImplSerenity.h>
#include <LibWebSocket/WebSocket.h> #include <LibWebSocket/WebSocket.h>
@ -183,7 +184,7 @@ void WebSocket::send_client_handshake()
// 7. 16-byte nonce encoded as Base64 // 7. 16-byte nonce encoded as Base64
u8 nonce_data[16]; u8 nonce_data[16];
fill_with_random(nonce_data); Crypto::fill_with_secure_random(nonce_data);
// FIXME: change to TRY() and make method fallible // FIXME: change to TRY() and make method fallible
m_websocket_key = MUST(encode_base64({ nonce_data, 16 })).to_byte_string(); m_websocket_key = MUST(encode_base64({ nonce_data, 16 })).to_byte_string();
builder.appendff("Sec-WebSocket-Key: {}\r\n", m_websocket_key); builder.appendff("Sec-WebSocket-Key: {}\r\n", m_websocket_key);
@ -589,7 +590,7 @@ void WebSocket::send_frame(WebSocket::OpCode op_code, ReadonlyBytes payload, boo
// > Clients MUST choose a new masking key for each frame, using an algorithm // > Clients MUST choose a new masking key for each frame, using an algorithm
// > that cannot be predicted by end applications that provide data // > that cannot be predicted by end applications that provide data
u8 masking_key[4]; u8 masking_key[4];
fill_with_random(masking_key); Crypto::fill_with_secure_random(masking_key);
m_impl->send(ReadonlyBytes(masking_key, 4)); m_impl->send(ReadonlyBytes(masking_key, 4));
// don't try to send empty payload // don't try to send empty payload
if (payload.size() == 0) if (payload.size() == 0)
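Review bot: Both call sites (the `nonce_data` fill in send_client_handshake and the `masking_key` fill in send_frame) use the output of `Crypto::fill_with_secure_random` with no visible failure handling, and both buffers are uninitialized stack arrays. The helper's definition is not shown here, so it is worth confirming that it aborts or otherwise cannot return with the buffer unfilled; if it can, stack bytes would go out in the `Sec-WebSocket-Key` header or as the frame mask. Declaring the buffers as `u8 nonce_data[16] {};` and `u8 masking_key[4] {};` would be a cheap safeguard against that. Separately, `#include <AK/Random.h>` is kept in the first hunk; if these two calls were its only users in the file it can probably be dropped. Both function bodies extend beyond the hunks shown.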