Fill siphash salt directly with random data

Expanding less random data with MT is not needed when it succeeded.
author: Nobuyoshi Nakada <[email protected]> 2020-01-08 23:21:42 +0900
committer: Nobuyoshi Nakada <[email protected]> 2020-01-10 10:28:49 +0900
commit: 499de0a0f684e4bf766bac09b02806391f62c2f3 (patch)
tree: 8afb7cac5e5718d31a8c05be44f42e6a5e79c0c9 /random.c
parent: 54e31f4a5f29b076960fa6ebdd189369af982d49 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/random.c b/random.c
index e96c76a768..d02cd016c0 100644
--- a/random.c
+++ b/random.c
@@ -454,6 +454,7 @@ ruby_fill_random_bytes(void *seed, size_t size, int need_secure)
 
 #define fill_random_bytes ruby_fill_random_bytes
 
+/* cnt must be 4 or more */
 static void
 fill_random_seed(uint32_t *seed, size_t cnt)
 {
@@ -1466,7 +1467,12 @@ rb_memhash(const void *ptr, long len)
 void
 Init_RandomSeedCore(void)
 {
+    if (!fill_random_bytes(&hash_salt, sizeof(hash_salt), FALSE)) return;
+
     /*
+      If failed to fill siphash's salt with random data, expand less random
+      data with MT.
+
       Don't reuse this MT for Random::DEFAULT. Random::DEFAULT::seed shouldn't
       provide a hint that an attacker guess siphash's seed.
     */
author	Nobuyoshi Nakada <[email protected]>	2020-01-08 23:21:42 +0900
committer	Nobuyoshi Nakada <[email protected]>	2020-01-10 10:28:49 +0900
commit	499de0a0f684e4bf766bac09b02806391f62c2f3 (patch)
tree	8afb7cac5e5718d31a8c05be44f42e6a5e79c0c9 /random.c
parent	54e31f4a5f29b076960fa6ebdd189369af982d49 (diff)