Bug 1870579 - Use PK11_GenerateRandom to generate random number, r=necko-reviewers,valentin

Differential Revision: https://phabricator.services.mozilla.com/D204755

modules/libpref/init/StaticPrefList.yaml

@@ -12779,6 +12779,18 @@
   value: true
   mirror: always
 
+  # The length of cnonce string used in HTTP digest auth.
+- name: network.http.digest_auth_cnonce_length
+  type: uint32_t
+  value: 64
+  mirror: always
+
+  # If true, HTTP response content-type headers will be parsed using the standards-compliant MimeType parser
+- name: network.standard_content_type_parsing.response_headers
+  type: RelaxedAtomicBool
+  value: true
+  mirror: always
+
 # The maximum count that we allow socket prrocess to crash. If this count is
 # reached, we won't use networking over socket process.
 - name: network.max_socket_process_failed_count

netwerk/protocol/http/nsHttpDigestAuth.cpp

@@ -9,6 +9,7 @@
 
 #include "mozilla/ClearOnShutdown.h"
 #include "mozilla/Sprintf.h"
+#include "mozilla/StaticPrefs_network.h"
 #include "mozilla/Unused.h"
 
 #include "nsHttp.h"
@@ -22,6 +23,7 @@
 #include "nsCRT.h"
 #include "nsICryptoHash.h"
 #include "nsComponentManagerUtils.h"
+#include "pk11pub.h"
 
 constexpr uint16_t DigestLength(uint16_t aAlgorithm) {
   if (aAlgorithm & (ALGO_SHA256 | ALGO_SHA256_SESS)) {
@@ -321,9 +323,13 @@ nsHttpDigestAuth::GenerateCredentials(
   // returned Authentication-Info header). also used for session info.
   //
   nsAutoCString cnonce;
-  static const char hexChar[] = "0123456789abcdef";
-  for (int i = 0; i < 16; ++i) {
-    cnonce.Append(hexChar[(int)(15.0 * rand() / (RAND_MAX + 1.0))]);
+  nsTArray<uint8_t> cnonceBuf;
+  cnonceBuf.SetLength(StaticPrefs::network_http_digest_auth_cnonce_length() /
+                      2);
+  PK11_GenerateRandom(reinterpret_cast<unsigned char*>(cnonceBuf.Elements()),
+                      cnonceBuf.Length());
+  for (auto byte : cnonceBuf) {
+    cnonce.AppendPrintf("%02x", byte);
   }
   LOG(("   cnonce=%s\n", cnonce.get()));