ruby-changes:59665
From: Nobuyoshi <ko1@a...>
Date: Fri, 10 Jan 2020 10:29:12 +0900 (JST)
Subject: [ruby-changes:59665] 499de0a0f6 (master): Fill siphash salt directly with random data
https://git.ruby-lang.org/ruby.git/commit/?id=499de0a0f6 From 499de0a0f684e4bf766bac09b02806391f62c2f3 Mon Sep 17 00:00:00 2001 From: Nobuyoshi Nakada <nobu@r...> Date: Wed, 8 Jan 2020 23:21:42 +0900 Subject: Fill siphash salt directly with random data Expanding less random data with MT is not needed when it succeeded. diff --git a/random.c b/random.c index e96c76a..d02cd01 100644 --- a/random.c +++ b/random.c @@ -454,6 +454,7 @@ ruby_fill_random_bytes(void *seed, size_t size, int need_secure) https://github.com/ruby/ruby/blob/trunk/random.c#L454 #define fill_random_bytes ruby_fill_random_bytes +/* cnt must be 4 or more */ static void fill_random_seed(uint32_t *seed, size_t cnt) { @@ -1466,7 +1467,12 @@ rb_memhash(const void *ptr, long len) https://github.com/ruby/ruby/blob/trunk/random.c#L1467 void Init_RandomSeedCore(void) { + if (!fill_random_bytes(&hash_salt, sizeof(hash_salt), FALSE)) return; + /* + If failed to fill siphash's salt with random data, expand less random + data with MT. + Don't reuse this MT for Random::DEFAULT. Random::DEFAULT::seed shouldn't provide a hint that an attacker guess siphash's seed. */ -- cgit v0.10.2 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
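Review bot: the first hunk records the `cnt must be 4 or more` requirement of `fill_random_seed(uint32_t *seed, size_t cnt)` only as a comment; the function body is outside the hunk and nothing visible enforces it. Suggest pairing the comment with an assertion at the top of the body, e.g. `RUBY_ASSERT(cnt >= 4);`, so a future caller that passes a smaller buffer fails loudly in a debug build instead of silently reading or writing past the seed array.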
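Review bot: in the `Init_RandomSeedCore` hunk the new line `if (!fill_random_bytes(&hash_salt, sizeof(hash_salt), FALSE)) return;` passes `FALSE` for `need_secure`, while the comment added right below says the salt must not be something an attacker can guess; a one-line comment on why a non-secure fill is acceptable for this salt (or passing `TRUE`) would make that choice reviewable. Second, since the early return is the "succeeded" path per the commit message, success is the falsy return here, and `if (!fill_random_bytes(...)) return;` reads at first glance like returning on failure; spelling it `== 0` with a short comment on that line would avoid the misreading. Finally, the fallback is taken silently; consider noting in the comment that there is no diagnostic when the salt came from the weaker MT path.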
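As an added illustration of the rationale in the commit comment ("Random::DEFAULT::seed shouldn't provide a hint that an attacker guess siphash's seed"), the Ruby below is example code written for this page, not code from ruby/ruby. It models two designs: a hypothetical one in which the hash salt is expanded from the same MT that backs Random::DEFAULT, and the committed one, in which the salt is filled directly with random bytes and only on failure expanded from an MT that is private to the salt. The salt size of 16 bytes, SecureRandom as the stand-in for fill_random_bytes, and pid plus a clock reading as the "less random data" are all assumptions of the model.

```ruby
# Added example, not ruby/ruby code: why the hash salt must not share an
# MT (or its seed) with Random::DEFAULT.
require 'securerandom'

SALT_BYTES = 16 # assumption: model the siphash key as 16 bytes

# Hypothetical *shared* design: the salt is the first bytes of the MT
# stream that also backs Random::DEFAULT.  Random.new(seed) is Ruby's
# MT19937, so anyone holding the seed can replay the stream.
def salt_from_shared_mt(seed)
  Random.new(seed).bytes(SALT_BYTES)
end

# An attacker who read the public seed (Random.seed) replays the expansion
# and obtains the salt byte for byte.
def attacker_recovers_salt(observed_seed)
  salt_from_shared_mt(observed_seed)
end

# Model of the committed design.  +direct_fill+ stands in for
# fill_random_bytes: it returns SALT_BYTES bytes, or nil on failure.
# Only on failure do we expand a less random value, and we do it with an
# MT that exists solely for this salt, so Random.seed says nothing about it.
# Returns [salt, :direct] or [salt, :fallback].
def fill_hash_salt(direct_fill: -> { SecureRandom.random_bytes(SALT_BYTES) })
  bytes = direct_fill.call
  return [bytes, :direct] if bytes && bytes.bytesize == SALT_BYTES

  # "less random data": pid and a nanosecond clock, both assumptions of this
  # model; the real fallback seed material is not shown on the commit page.
  weak_seed = (Process.pid << 32) ^
              Process.clock_gettime(Process::CLOCK_REALTIME, :nanosecond)
  [Random.new(weak_seed).bytes(SALT_BYTES), :fallback]
end

# Can someone who knows the default generator's seed reproduce +salt+ by
# replaying Random::DEFAULT's MT?  For both paths of fill_hash_salt the
# answer should be no.
def salt_derivable_from_default_seed?(salt)
  Random.new(Random.seed).bytes(SALT_BYTES) == salt
end

if $PROGRAM_NAME == __FILE__
  salt, source = fill_hash_salt
  puts "salt via #{source}: #{salt.unpack1('H*')}"
  puts "shared-MT design leaks salt: " \
       "#{attacker_recovers_salt(42) == salt_from_shared_mt(42)}"
  puts "committed design leaks salt: #{salt_derivable_from_default_seed?(salt)}"
end
```

The shared-MT model is the failure mode the commit comment warns about: the attacker needs no side channel, only the seed that Random.seed already exposes. The committed design keeps the direct fill as the normal path and reserves MT expansion for the failure case, with an MT that is never the one behind Random::DEFAULT.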