• John Mellor's avatar
    Mark base::GenerateGUID as secure random · afab972d
    John Mellor authored
    It's commonly assumed that GUIDs generated by base::GenerateGUID are
    unguessable and will not collide, and this is in practice true since
    it's backed by base::RandBytes.
    
    The header for base::RandBytes did not guarantee being secure, but the
    implementations were all required to be cryptographically strong random
    number generators since crypto::RandBytes and base::UnguessableToken
    already both depend on base::RandBytes (see https://crbug.com/140076).
    
    This patch:
    
    - Marks base::GenerateGUID as secure in the code comments.
    
    - Migrates base::GenerateGUID from base::RandUint64 which is not
      guaranteed to be secure to base::RandBytes which is - see above.
      (It's not possible to migrate to crypto::RandBytes since that would
      introduce a circular dependency between base and crypto - see
      UnguessableToken::Create for a similar case).
    
    - Marks base::RandBytes as secure random in its header, but clarifying
      that code outside base/ that depends on it being secure should
      continue to use the crypto/ wrapper.
    
    - Cleans up some duplicated code in the implementations of
      base/rand_util_*.cc
    
    Bug: none
    Change-Id: I282bbd7d1883ba120c01280b941b9d7ecbef404c
    Reviewed-on: https://chromium-review.googlesource.com/678731Reviewed-by: 's avatarMark Mentovai <mark@chromium.org>
    Commit-Queue: John Mellor <johnme@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#504389}
    afab972d