authorNobuyoshi Nakada <nobu@ruby-lang.org>2020-01-08 23:21:42 +0900
committerNobuyoshi Nakada <nobu@ruby-lang.org>2020-01-10 10:28:49 +0900
commit499de0a0f684e4bf766bac09b02806391f62c2f3 (patch)
tree8afb7cac5e5718d31a8c05be44f42e6a5e79c0c9 /random.c
parent54e31f4a5f29b076960fa6ebdd189369af982d49 (diff)
Fill siphash salt directly with random data
Expanding less random data with MT is not needed when filling the salt directly succeeded.
Notes
Notes: Merged: https://github.com/ruby/ruby/pull/2826
Diffstat (limited to 'random.c')
-rw-r--r--random.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/random.c b/random.c
index e96c76a..d02cd01 100644
--- a/random.c
+++ b/random.c
@@ -454,6 +454,7 @@ ruby_fill_random_bytes(void *seed, size_t size, int need_secure)
#define fill_random_bytes ruby_fill_random_bytes
+/* cnt must be 4 or more */
static void
fill_random_seed(uint32_t *seed, size_t cnt)
{
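Review bot: The new comment `/* cnt must be 4 or more */` states a precondition without enforcing it and without saying why; presumably the body touches seed[0]..seed[3] unconditionally, but the body lies outside this hunk. Since the function is static and every caller is in this file, an assertion at the top of the body (using whatever assert macro random.c already relies on) would turn a silent out-of-bounds access on a short buffer into a diagnosable failure. The comment could also carry the reason, e.g. `/* cnt must be 4 or more: the first four words are always filled */` — confirm that wording against the body before adopting it.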
@@ -1466,7 +1467,12 @@ rb_memhash(const void *ptr, long len)
void
Init_RandomSeedCore(void)
{
+ if (!fill_random_bytes(&hash_salt, sizeof(hash_salt), FALSE)) return;
+
/*
+ If failed to fill siphash's salt with random data, expand less random
+ data with MT.
+
Don't reuse this MT for Random::DEFAULT. Random::DEFAULT::seed shouldn't
provide a hint that an attacker guess siphash's seed.
*/
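Review bot: The early return `if (!fill_random_bytes(&hash_salt, sizeof(hash_salt), FALSE)) return;` reads as "if filling failed, return" although it is the success path — it relies on the 0-on-success convention of ruby_fill_random_bytes, which nothing here states. A comment on that line would save the next reader a trip to the definition, e.g. `/* 0 means success: the salt is fully random, no MT expansion needed */`. Separately, the salt is the secret that keeps siphash-based hashing resistant to hash-flooding, yet it is requested with `need_secure` set to FALSE; what the non-secure path uses differs per backend (outside this hunk), so the reason FALSE is acceptable here — presumably to avoid a blocking entropy source at startup — deserves a one-line comment beside the call. The MT fallback body of Init_RandomSeedCore continues past the end of the hunk.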