<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[186151] trunk/Source/WTF</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/186151">186151</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2015-06-30 17:36:18 -0700 (Tue, 30 Jun 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Errors in read() are not handled in WTF::cryptographicallyRandomValuesFromOS.
https://bugs.webkit.org/show_bug.cgi?id=146473
Patch by Keith Miller <keith_miller@apple.com> on 2015-06-30
Reviewed by Filip Pizlo.
We were not checking if errors occurred in WTF::cryptographicallyRandomValuesFromOS.
We now buffer the data until enough bits of entropy exist to fill the buffer
rather than crash. Additionally, added two crash functions so we can distinguish
between the two reasons why we crashed in traces.
* wtf/OSRandomSource.cpp:
(WTF::crashUnableToOpenFD):
(WTF::crashUnableToReadFromFD):
(WTF::cryptographicallyRandomValuesFromOS):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWTFChangeLog">trunk/Source/WTF/ChangeLog</a></li>
<li><a href="#trunkSourceWTFwtfOSRandomSourcecpp">trunk/Source/WTF/wtf/OSRandomSource.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWTFChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/ChangeLog (186150 => 186151)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/ChangeLog 2015-07-01 00:17:49 UTC (rev 186150)
+++ trunk/Source/WTF/ChangeLog 2015-07-01 00:36:18 UTC (rev 186151)
</span><span class="lines">@@ -1,3 +1,20 @@
</span><ins>+2015-06-30 Keith Miller <keith_miller@apple.com>
+
+ Errors in read() are not handled in WTF::cryptographicallyRandomValuesFromOS.
+ https://bugs.webkit.org/show_bug.cgi?id=146473
+
+ Reviewed by Filip Pizlo.
+
+ We were not checking if errors occurred in WTF::cryptographicallyRandomValuesFromOS.
+ We now buffer the data until enough bits of entropy exist to fill the buffer
+ rather than crash. Additionally, added two crash functions so we can distinguish
+ between the two reasons why we crashed in traces.
+
+ * wtf/OSRandomSource.cpp:
+ (WTF::crashUnableToOpenFD):
+ (WTF::crashUnableToReadFromFD):
+ (WTF::cryptographicallyRandomValuesFromOS):
+
</ins><span class="cx"> 2015-06-29 Dean Jackson <dino@apple.com>
</span><span class="cx">
</span><span class="cx"> Temporarily disable PICTURE_SIZES
</span></span></pre></div>
<a id="trunkSourceWTFwtfOSRandomSourcecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/wtf/OSRandomSource.cpp (186150 => 186151)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/wtf/OSRandomSource.cpp 2015-07-01 00:17:49 UTC (rev 186150)
+++ trunk/Source/WTF/wtf/OSRandomSource.cpp 2015-07-01 00:36:18 UTC (rev 186151)
</span><span class="lines">@@ -30,6 +30,7 @@
</span><span class="cx"> #include <stdlib.h>
</span><span class="cx">
</span><span class="cx"> #if OS(UNIX)
</span><ins>+#include <errno.h>
</ins><span class="cx"> #include <fcntl.h>
</span><span class="cx"> #include <unistd.h>
</span><span class="cx"> #endif
</span><span class="lines">@@ -41,17 +42,37 @@
</span><span class="cx">
</span><span class="cx"> namespace WTF {
</span><span class="cx">
</span><ins>+NEVER_INLINE NO_RETURN_DUE_TO_CRASH static void crashUnableToOpenURandom()
+{
+ CRASH();
+}
+
+NEVER_INLINE NO_RETURN_DUE_TO_CRASH static void crashUnableToReadFromURandom()
+{
+ CRASH();
+}
+
</ins><span class="cx"> void cryptographicallyRandomValuesFromOS(unsigned char* buffer, size_t length)
</span><span class="cx"> {
</span><span class="cx"> #if OS(UNIX)
</span><span class="cx"> int fd = open("/dev/urandom", O_RDONLY, 0);
</span><span class="cx"> if (fd < 0)
</span><del>- CRASH(); // We need /dev/urandom for this API to work...
</del><ins>+ crashUnableToOpenURandom(); // We need /dev/urandom for this API to work...
</ins><span class="cx">
</span><del>- if (read(fd, buffer, length) != static_cast<ssize_t>(length))
- CRASH();
</del><ins>+ ssize_t amountRead = 0;
+ while (static_cast<size_t>(amountRead) < length) {
+ ssize_t currentRead = read(fd, buffer + amountRead, length - amountRead);
+ // We need to check for both EAGAIN and EINTR since on some systems /dev/urandom
+ // is blocking and on others it is non-blocking.
+ if (currentRead == -1) {
+ if (!(errno == EAGAIN || errno == EINTR))
+ crashUnableToReadFromURandom();
+ } else
+ amountRead += currentRead;
+ }
+
+ close(fd);
</ins><span class="cx">
</span><del>- close(fd);
</del><span class="cx"> #elif OS(WINDOWS)
</span><span class="cx"> HCRYPTPROV hCryptProv = 0;
</span><span class="cx"> if (!CryptAcquireContext(&hCryptProv, 0, MS_DEF_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
</span></span></pre>
</div>
</div>
</body>
</html>